
Browser Fingerprinting using HSTS and CSP

From: Keiji Takeda <tkeiji@w3.org>
Date: Wed, 2 Dec 2015 11:04:00 -0500
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <565F1670.3040800@w3.org>

I think this is worth sharing here.

Sniffly (presented at ToorCon 2015 by Yan Zhu/MIT) abuses HSTS and CSP to
steal browser history.

Sniffly:
     https://github.com/diracdeltas/sniffly

Presentation:
     https://zyan.scripts.mit.edu/presentations/toorcon2015.pdf

Demo (tries to show sites you visited):
     http://zyan.scripts.mit.edu/sniffly/

Keiji
Received on Wednesday, 2 December 2015 16:04:02 UTC
