Stealing browser history without JavaScript

Zinco zinco at
Sun Jun 14 23:04:37 UTC 2009

>>>> Matej Kovacic wrote:
>>>> Hi,
>>>> this seems an interesting issue:
>>>> bye, Matej

>>>Anon Mus Wrote:     
>>> Been to this site and it dont work on my firefox.3.0.8 browser... (with 
>>> NoScript, QuickJava, Better Privacy, JavaScript Deobfuscator, Quick 
>>> Preference Button & User Agent Switcher)
>>> it replies with a 0 (zero) count. But there should be dozens.

>> Zinco Wrote:
>> Seems to me it would have to have all websites known to man on the page
>> loads.  If it looks at "visited links" css on the page it loads it could
>> only look at websites on that page.  It would have to store a lot of web
>> pages on that hidden i-frame to really compare.  Unless you are looking
>> see if a particular person visited a particular page doesn't seem like it
>> would do anyone much good.

>Anon Mus Wrote:   
>Maybe IFrames don't work on Firefox. The pages IFrame message "Please 
>enable Iframes, though" is superfluous, as it only prints if IFrames is 
>functional !!

>Reminds me of a security software con site years ago which would print 
>some detail value known only to your browser, up on a web page. Of 
>course, only YOU could see it, no data was sent to the visited web site.

>Even though it was a con,  lots of people bought the security software 
>to protect themselves from that non-existent leak.

>In this IFrames exploit the test web page is said to have a css 
>background image embedded in it. I can find no such image (background: 

>The only image on the page is a javascript button. But there is a 
>javascript dependent Google Analytics urchin tracker.

>Would the author Brendon Bo[mb]shell like to identify him/her self?

Zinco Wrote:

50000 pages isn't very much.  Would have to contain millions it would seem.
It did work on my browser and found 30 of the most popular sites.  Ebay ect.

Index.php I-Frame
<iframe src="start_scan.php?769245844" width="300" height="260"
frameborder="0" scrolling="no">Please enable Iframes, though</iframe>

<p><!-- AddThis Button BEGIN -->
<!-- AddThis Button END -->
<script type="text/javascript">
digg_skin = 'compact';
digg_window = 'new';
<script src=""
<script type="text/javascript"
Start_scan.php I-frame
<iframe src="sites_list.php?sess=fe728e" width="288" height="210"


<iframe src="base.php?sess=fe728e" width="1" height="1"
<style type="text/css">#l2001

More information about the tor-talk mailing list