Für die Leute die es noch nicht mitbekommen haben, hier ein intressanter Link: https://github.com/diracdeltas/sniffly
Ist in der Kategorie Anonymität&Proxies weil das ganze ein "Angriff" auf den Browser ist und somit gut zum Metadatensammeln benutzt werden kann.



Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome.

How it works

I recommend reading the inline comments in src/index.js to understand how Sniffly does a timing attack in both FF and Chrome without polluting the local HSTS store.

  1. User visits Sniffly page
  2. Browser attempts to load images from various HSTS domains over HTTP
  3. Sniffly sets a CSP policy that restricts images to HTTP, so image sources are blocked before they are redirected to HTTPS. This is crucial! If the browser completes a request to the HTTPS site, then it will receive the HSTS pin, and the attack will no longer work when the user visits Sniffly.
  4. When an image gets blocked by CSP, its onerror handler is called. In this case, the onerrorhandler does some fancy tricks to time how long it took for the image to be redirected from HTTP to HTTPS. If this time is on the order of a millisecond, it was an HSTS redirect (no network request was made), which means the user has visited the image's domain before. If it's on the order of 100 milliseconds, then a network request probably occurred, meaning that the user hasn't visited the image's domain.
Voraussetzung ist das der Host HSTS aktiviert hat, bei free-hack sollte das ganze also klappen ;-)

Wird wohl ne Zeit dauern bis das Design gepatcht (wenn überhaupt) wird