Comments (5)
Thanks for pointing it out! I didn't remember about this technique, will try to mention it in the article for sure.
This seems very reliable per my testing and doesn't include any timing or referer manipulations. CC: @masasron @lbherrera @manuelvsousa
from wiki.
credentials: "include" is only needed for Firefox.
Does not work if "browser.cache.cache_isolation" is enabled on Firefox, but window timing attacks can still be used if the domain is the same.
from wiki.
I also did not remember this one. If the vector is as reliable as it seems I think it's worth giving it some nice focus in the wiki. Maybe somewhere in Cache Probing?
from wiki.
Firefox seems to work better when the timeout is set higher (12).
Also, it probably works better in a Web Worker because setTimeout may get throttled.
from wiki.
Merged.
from wiki.