Updated Appendix A Test Sites (markdown)

Thorin-Oakenpants 2019-01-23 17:21:45 +00:00
parent 2816c8a0c3
commit f79a623114

@ -52,7 +52,7 @@ If you would like to submit a test page to be added to this list, please post th
* See [Issue 174](https://github.com/ghacksuserjs/ghacks-user.js/issues/174) * See [Issue 174](https://github.com/ghacksuserjs/ghacks-user.js/issues/174)
- [CSS Exfil Vulnerability](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester) - **h**ttps://www.mike-gualtieri.com/css-exfil-vulnerability-tester - [CSS Exfil Vulnerability](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester) - **h**ttps://www.mike-gualtieri.com/css-exfil-vulnerability-tester
* [CSS Keylogger with no CSP](https://no-csp-css-keylogger.badsite.io/) - **h**ttps://no-csp-css-keylogger.badsite.io/ * [CSS Keylogger with no CSP](https://no-csp-css-keylogger.badsite.io/) - **h**ttps://no-csp-css-keylogger.badsite.io/
- [CSS History Leak](http://lcamtuf.coredump.cx/yahh/) <sup>2</sup> - **h**ttp://lcamtuf.coredump.cx/yahh/ - [CSS History Leak](http://lcamtuf.coredump.cx/yahh/) <sup>1</sup> - **h**ttp://lcamtuf.coredump.cx/yahh/
- [DNS Leak](https://www.dnsleaktest.com/) - **h**ttps://www.dnsleaktest.com/ - [DNS Leak](https://www.dnsleaktest.com/) - **h**ttps://www.dnsleaktest.com/
- [DNS Spoofability](https://www.grc.com/dns/dns.htm) - **h**ttps://www.grc.com/dns/dns.htm - [DNS Spoofability](https://www.grc.com/dns/dns.htm) - **h**ttps://www.grc.com/dns/dns.htm
- [Evercookie](https://samy.pl/evercookie/) - **h**ttps://samy.pl/evercookie/ - [Evercookie](https://samy.pl/evercookie/) - **h**ttps://samy.pl/evercookie/
@ -76,9 +76,7 @@ If you would like to submit a test page to be added to this list, please post th
- [rel=noopener](https://mathiasbynens.github.io/rel-noopener/) - **h**ttps://mathiasbynens.github.io/rel-noopener/ - [rel=noopener](https://mathiasbynens.github.io/rel-noopener/) - **h**ttps://mathiasbynens.github.io/rel-noopener/
- [WebRTC](https://browserleaks.com/webrtc) - **h**ttps://browserleaks.com/webrtc - [WebRTC](https://browserleaks.com/webrtc) - **h**ttps://browserleaks.com/webrtc
<sup>1</sup> Since Firefox 52, the Battery Status API is now chrome/privileged access and is not accessible by web pages. <sup>1</sup> This test is a PoC (proof of concept). You will need `layout.css.visited_links_enabled` set as `true`. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites, and many of those will not "leak" as the code is checking HTTP and the site has moved to HTTPS - i.e the full URL has changed. For best results:
<sup>2</sup> This test is a PoC (proof of concept). You will need `layout.css.visited_links_enabled` set as `true`. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites, and many of those will not "leak" as the code is checking HTTP and the site has moved to HTTPS - i.e the full URL has changed. For best results:
* Open a normal window in a vanilla Firefox. Clear everything (Ctrl-Shift-Del). * Open a normal window in a vanilla Firefox. Clear everything (Ctrl-Shift-Del).
* Go to http://www.cnn.com/ and http://www.foxnews.com/ * Go to http://www.cnn.com/ and http://www.foxnews.com/
* Go to the [test page](http://lcamtuf.coredump.cx/yahh/) and play a game (takes 30 seconds or so) * Go to the [test page](http://lcamtuf.coredump.cx/yahh/) and play a game (takes 30 seconds or so)