Stealing browser history without JavaScript

downie - downgeoff2 at
Sun Jun 14 22:15:57 UTC 2009

> Date: Sun, 14 Jun 2009 22:34:32 +0100
> From: at
> To: or-talk at
> Subject: Re: Stealing browser history without JavaScript

> > Matej Kovacic wrote:
> >

> > Seems to me it would have to have all websites known to man on the page it
> > loads. If it looks at "visited links" css on the page it loads it could
> > only look at websites on that page. It would have to store a lot of web
> > pages on that hidden i-frame to really compare. Unless you are looking to
> > see if a particular person visited a particular page doesn't seem like it
> > would do anyone much good.

There are 50000 URLs used: they are loaded into the Iframe 2000 at a time.
But yes it wuld be more useful for breaking the anonymity of a particular person who you had a known unique URL for.

> Zinco wrote:
> In this IFrames exploit the test web page is said to have a css
> background image embedded in it. I can find no such image (background:
> #003399;).
> (See

The links each have their own style statement and a background called from log_base.php
e.g. #l49871 a:visited{background:url(log_base.php?id=49871&sess=xxxxx);

Windows Live™ SkyDrive™: Get 25 GB of free online storage.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tor-talk mailing list