Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/diracdeltas/sniffly
Sniffing browser history using HSTS
https://github.com/diracdeltas/sniffly
Last synced: 8 days ago
JSON representation
Sniffing browser history using HSTS
- Host: GitHub
- URL: https://github.com/diracdeltas/sniffly
- Owner: diracdeltas
- License: mit
- Created: 2015-10-25T00:00:52.000Z (about 9 years ago)
- Default Branch: gh-pages
- Last Pushed: 2017-08-05T02:06:44.000Z (over 7 years ago)
- Last Synced: 2024-11-20T03:53:53.616Z (22 days ago)
- Language: JavaScript
- Homepage:
- Size: 12.3 MB
- Stars: 935
- Watchers: 60
- Forks: 118
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-network-stuff - **922**星
README
# Sniffly2
Sniffly2 is a variant of
[Sniffly](https://github.com/diracdeltas/sniffly/tree/master)
which abuses HTTP Strict Transport Security headers and the Performance Timing
API in order to sniff your browsing history in Chromium-based browsers.
## Demo
Visit http://diracdeltas.github.io/sniffly in Chrome/Chromium/Brave/etc. with HTTPS
Everywhere disabled.
Caveats:
* does not work on mobile or Firefox
* does not work over HTTPS due to mixed content blocking.
* adblockers may taint results
## Acknowledgements
* [crbug436451](https://bugs.chromium.org/p/chromium/issues/detail?id=436451), reported by `[email protected]`, for the idea of probing port 443 over HTTP
* Scott Helme for providing an initial list of HSTS hosts