Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-25 06:00:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [#3292] No subject

Browse source
This commit is contained in:
CPol 2022-06-28 16:00:34 +00:00 committed by gitbook-bot
parent ccb2f72f8b
commit a659f82334
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
pentesting-web/xs-search.md
View file

@ -495,12 +495,13 @@ If the **max** number of **redirects** to follow of a browser is **20**, an atta
### History Length
* **Inclusion Methods**: Pop-ups
* **Detectable Difference**: Status Code
* **More info**: 
* **Inclusion Methods**: Frames, Pop-ups
* **Detectable Difference**: Redirects
* **More info**: [https://xsleaks.dev/docs/attacks/navigations/](https://xsleaks.dev/docs/attacks/navigations/)
* **Summary:** JavaScript code manipulates the browser history and can be accessed by the length property.
The **History API** allows JavaScript code to manipulate the browser history, which **saves the pages visited by a user**. An attacker can use the length property as an inclusion method: to detect JavaScript and HTML navigation. Multiple works have studied the browser history and show how to abuse it to determine **whether a user has accessed a certain website** \[44, 47, 54, 75].
The **History API** allows JavaScript code to manipulate the browser history, which **saves the pages visited by a user**. An attacker can use the length property as an inclusion method: to detect JavaScript and HTML navigation.\
**Checking `history.length`**, making a user **navigate** to a page, **change** it **back** to the same-origin and **checking** the new value of **`history.length`**.
### Frame Counting