Git/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2024-11-26 04:21:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updated Appendix A Test Sites (markdown)

Thorin-Oakenpants 2019-01-23 17:21:45 +00:00
parent 2816c8a0c3
commit f79a623114
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Appendix-A---Test-Sites.md

@ -52,7 +52,7 @@ If you would like to submit a test page to be added to this list, please post th
* See [Issue 174](https://github.com/ghacksuserjs/ghacks-user.js/issues/174)
- [CSS Exfil Vulnerability](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester) - **h**ttps://www.mike-gualtieri.com/css-exfil-vulnerability-tester
* [CSS Keylogger with no CSP](https://no-csp-css-keylogger.badsite.io/) - **h**ttps://no-csp-css-keylogger.badsite.io/
- [CSS History Leak](http://lcamtuf.coredump.cx/yahh/) <sup>2</sup> - **h**ttp://lcamtuf.coredump.cx/yahh/
- [CSS History Leak](http://lcamtuf.coredump.cx/yahh/) <sup>1</sup> - **h**ttp://lcamtuf.coredump.cx/yahh/
- [DNS Leak](https://www.dnsleaktest.com/) - **h**ttps://www.dnsleaktest.com/
- [DNS Spoofability](https://www.grc.com/dns/dns.htm) - **h**ttps://www.grc.com/dns/dns.htm
- [Evercookie](https://samy.pl/evercookie/) - **h**ttps://samy.pl/evercookie/
@ -76,9 +76,7 @@ If you would like to submit a test page to be added to this list, please post th
- [rel=noopener](https://mathiasbynens.github.io/rel-noopener/) - **h**ttps://mathiasbynens.github.io/rel-noopener/
- [WebRTC](https://browserleaks.com/webrtc) - **h**ttps://browserleaks.com/webrtc
<sup>1</sup> Since Firefox 52, the Battery Status API is now chrome/privileged access and is not accessible by web pages.
<sup>2</sup> This test is a PoC (proof of concept). You will need `layout.css.visited_links_enabled` set as `true`. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites, and many of those will not "leak" as the code is checking HTTP and the site has moved to HTTPS - i.e the full URL has changed. For best results:
<sup>1</sup> This test is a PoC (proof of concept). You will need `layout.css.visited_links_enabled` set as `true`. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites, and many of those will not "leak" as the code is checking HTTP and the site has moved to HTTPS - i.e the full URL has changed. For best results:
* Open a normal window in a vanilla Firefox. Clear everything (Ctrl-Shift-Del).
* Go to http://www.cnn.com/ and http://www.foxnews.com/
* Go to the [test page](http://lcamtuf.coredump.cx/yahh/) and play a game (takes 30 seconds or so)