Updated Appendix A Test Sites (markdown)

Thorin-Oakenpants 2019-01-23 17:19:10 +00:00
parent 0ef2b432a9
commit 2816c8a0c3

@ -24,7 +24,7 @@ If you would like to submit a test page to be added to this list, please post th
### :small_orange_diamond: Multiple Tests [multi-page] ### :small_orange_diamond: Multiple Tests [multi-page]
- [BrowserSpy.dk](http://browserspy.dk/) - **h**ttp://browserspy.dk/ - [BrowserSpy.dk](http://browserspy.dk/) - **h**ttp://browserspy.dk/
- [BrowserLeaks](https://www.browserleaks.com/) - **h**ttps://www.browserleaks.com/ - [BrowserLeaks](https://www.browserleaks.com/) - **h**ttps://www.browserleaks.com/
- [HTML Security](https://html5sec.org/) - **h**ttps://html5sec.org/ - [HTML5 Test](https://html5test.com/) - **h**ttps://html5test.com/
### :small_orange_diamond: Encryption / Ciphers / SSL/TLS / Certificates ### :small_orange_diamond: Encryption / Ciphers / SSL/TLS / Certificates
- [BadSSL](https://badssl.com/) - **h**ttps://badssl.com/ - [BadSSL](https://badssl.com/) - **h**ttps://badssl.com/
@ -32,11 +32,6 @@ If you would like to submit a test page to be added to this list, please post th
- [Qualys SSL Labs](https://www.ssllabs.com/ssltest/viewMyClient.html) - **h**ttps://www.ssllabs.com/ssltest/viewMyClient.html - [Qualys SSL Labs](https://www.ssllabs.com/ssltest/viewMyClient.html) - **h**ttps://www.ssllabs.com/ssltest/viewMyClient.html
- [Fortify](https://www.fortify.net/sslcheck.html) - **h**ttps://www.fortify.net/sslcheck.html - [Fortify](https://www.fortify.net/sslcheck.html) - **h**ttps://www.fortify.net/sslcheck.html
- [How's My SSL](https://www.howsmyssl.com/) - **h**ttps://www.howsmyssl.com/ - [How's My SSL](https://www.howsmyssl.com/) - **h**ttps://www.howsmyssl.com/
- [Heartbleed](https://filippo.io/Heartbleed/) - **h**ttps://filippo.io/Heartbleed/
- [Freak Attack](https://freakattack.com/clienttest.html) - **h**ttps://freakattack.com/clienttest.html
* Firefox is not vulnerable to this attack <sup>[source](http://www.eweek.com/blogs/security-watch/microsoft-admits-windows-users-are-vulnerable-to-freak-attacks)</sup>
- [Logjam](https://weakdh.org/) - **h**ttps://weakdh.org/
* Firefox 39+ is not vulnerable <sup>[source](https://www.mozilla.org/security/advisories/mfsa2015-70/)</sup>
- [Symantec](https://cryptoreport.websecurity.symantec.com/checker/views/sslCheck.jsp) - **h**ttps://cryptoreport.websecurity.symantec.com/checker/views/sslCheck.jsp - [Symantec](https://cryptoreport.websecurity.symantec.com/checker/views/sslCheck.jsp) - **h**ttps://cryptoreport.websecurity.symantec.com/checker/views/sslCheck.jsp
- [GRC Fingerprint](https://www.grc.com/fingerprints.htm) - **h**ttps://www.grc.com/fingerprints.htm - [GRC Fingerprint](https://www.grc.com/fingerprints.htm) - **h**ttps://www.grc.com/fingerprints.htm
* EV [Extended Validation] / SSL Interception check [Do you see a bright green padlock?] * EV [Extended Validation] / SSL Interception check [Do you see a bright green padlock?]
@ -50,7 +45,6 @@ If you would like to submit a test page to be added to this list, please post th
### :small_orange_diamond: Other ### :small_orange_diamond: Other
- [AudioContext](https://audiofingerprint.openwpm.com/) - **h**ttps://audiofingerprint.openwpm.com/ - [AudioContext](https://audiofingerprint.openwpm.com/) - **h**ttps://audiofingerprint.openwpm.com/
- [Battery](https://pstadler.sh/battery.js/) <sup>1</sup> - **h**ttps://pstadler.sh/battery.js/
- [Cache Fingerprinting](http://cookieless-user-tracking.herokuapp.com/) - **h**ttp://cookieless-user-tracking.herokuapp.com/ - [Cache Fingerprinting](http://cookieless-user-tracking.herokuapp.com/) - **h**ttp://cookieless-user-tracking.herokuapp.com/
* It does this by assigning a unique variable in a cached script (see [#436](https://github.com/ghacksuserjs/ghacks-user.js/issues/436#issuecomment-392069853)) * It does this by assigning a unique variable in a cached script (see [#436](https://github.com/ghacksuserjs/ghacks-user.js/issues/436#issuecomment-392069853))
* Article: https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/ * Article: https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/
@ -62,10 +56,8 @@ If you would like to submit a test page to be added to this list, please post th
- [DNS Leak](https://www.dnsleaktest.com/) - **h**ttps://www.dnsleaktest.com/ - [DNS Leak](https://www.dnsleaktest.com/) - **h**ttps://www.dnsleaktest.com/
- [DNS Spoofability](https://www.grc.com/dns/dns.htm) - **h**ttps://www.grc.com/dns/dns.htm - [DNS Spoofability](https://www.grc.com/dns/dns.htm) - **h**ttps://www.grc.com/dns/dns.htm
- [Evercookie](https://samy.pl/evercookie/) - **h**ttps://samy.pl/evercookie/ - [Evercookie](https://samy.pl/evercookie/) - **h**ttps://samy.pl/evercookie/
- [Firefox Extensions](http://thehackerblog.com/addon_scanner/) - **h**ttp://thehackerblog.com/addon_scanner/
- [localStorage](http://www.filldisk.com/) - **h**ttp://www.filldisk.com/ - [localStorage](http://www.filldisk.com/) - **h**ttp://www.filldisk.com/
* Firefox is immune to this hackery * Firefox is immune to this hackery
- ~~[HSTS Supercookie](http://www.radicalresearch.co.uk/lab/hstssupercookies) - **h**ttp://www.radicalresearch.co.uk/lab/hstssupercookies~~
- [HSTS [sniffly]](http://zyan.scripts.mit.edu/sniffly/) - **h**ttp://zyan.scripts.mit.edu/sniffly/ - [HSTS [sniffly]](http://zyan.scripts.mit.edu/sniffly/) - **h**ttp://zyan.scripts.mit.edu/sniffly/
- [HTML5](https://www.youtube.com/html5) - **h**ttps://www.youtube.com/html5 - [HTML5](https://www.youtube.com/html5) - **h**ttps://www.youtube.com/html5
- [Intermediate CA Cache Fingerprinting](https://fiprinca.0x90.eu/poc/) - **h**ttps://fiprinca.0x90.eu/poc/ - [Intermediate CA Cache Fingerprinting](https://fiprinca.0x90.eu/poc/) - **h**ttps://fiprinca.0x90.eu/poc/
@ -73,7 +65,7 @@ If you would like to submit a test page to be added to this list, please post th
* disable JS, resize the browser with the tests open * disable JS, resize the browser with the tests open
* [@media window size leak PoC](https://demos.traudt.xyz/css/media/index.html) - **h**ttps://demos.traudt.xyz/css/media/index.html * [@media window size leak PoC](https://demos.traudt.xyz/css/media/index.html) - **h**ttps://demos.traudt.xyz/css/media/index.html
* [Inner Window Measurements](https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html) - **h**ttps://arthuredelstein.github.io/tordemos/media-query-fingerprint.html * [Inner Window Measurements](https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html) - **h**ttps://arthuredelstein.github.io/tordemos/media-query-fingerprint.html
- [IPv6 Leak](http://ipv6leak.com/) - **h**ttp://ipv6leak.com/ - [IPv6 Leak](http://ipv6leak.com/) - **h**ttp://ipv6leak.com/
- [Keyboard Events](https://w3c.github.io/uievents/tools/key-event-viewer.html) - **h**ttps://w3c.github.io/uievents/tools/key-event-viewer.html - [Keyboard Events](https://w3c.github.io/uievents/tools/key-event-viewer.html) - **h**ttps://w3c.github.io/uievents/tools/key-event-viewer.html
- [Popup Killer](http://www.kephyr.com/popupkillertest/index.html) - **h**ttp://www.kephyr.com/popupkillertest/index.html - [Popup Killer](http://www.kephyr.com/popupkillertest/index.html) - **h**ttp://www.kephyr.com/popupkillertest/index.html
- [Popup Test](http://www.popuptest.com/) - **h**ttp://www.popuptest.com/ - [Popup Test](http://www.popuptest.com/) - **h**ttp://www.popuptest.com/
@ -82,8 +74,6 @@ If you would like to submit a test page to be added to this list, please post th
- [Redirects](https://jigsaw.w3.org/HTTP/300/Overview.html) - **h**ttps://jigsaw.w3.org/HTTP/300/Overview.html - [Redirects](https://jigsaw.w3.org/HTTP/300/Overview.html) - **h**ttps://jigsaw.w3.org/HTTP/300/Overview.html
- [Referer Headers](https://www.darklaunch.com/tools/test-referer) - **h**ttps://www.darklaunch.com/tools/test-referer - [Referer Headers](https://www.darklaunch.com/tools/test-referer) - **h**ttps://www.darklaunch.com/tools/test-referer
- [rel=noopener](https://mathiasbynens.github.io/rel-noopener/) - **h**ttps://mathiasbynens.github.io/rel-noopener/ - [rel=noopener](https://mathiasbynens.github.io/rel-noopener/) - **h**ttps://mathiasbynens.github.io/rel-noopener/
- [Resource://URI](https://www.browserleaks.com/firefox) - **h**ttps://www.browserleaks.com/firefox
- ~~[WebRTC IP Leak](https://www.privacytools.io/webrtc.html) - **h**ttps://www.privacytools.io/webrtc.html~~
- [WebRTC](https://browserleaks.com/webrtc) - **h**ttps://browserleaks.com/webrtc - [WebRTC](https://browserleaks.com/webrtc) - **h**ttps://browserleaks.com/webrtc
<sup>1</sup> Since Firefox 52, the Battery Status API is now chrome/privileged access and is not accessible by web pages. <sup>1</sup> Since Firefox 52, the Battery Status API is now chrome/privileged access and is not accessible by web pages.