mirror of
https://github.com/arkenfox/user.js.git
synced 2024-11-29 13:56:56 +01:00
Updated Appendix A Test Sites (markdown)
parent
2816c8a0c3
commit
f79a623114
@ -52,7 +52,7 @@ If you would like to submit a test page to be added to this list, please post th
|
||||
* See [Issue 174](https://github.com/ghacksuserjs/ghacks-user.js/issues/174)
|
||||
- [CSS Exfil Vulnerability](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester) - **h**ttps://www.mike-gualtieri.com/css-exfil-vulnerability-tester
|
||||
* [CSS Keylogger with no CSP](https://no-csp-css-keylogger.badsite.io/) - **h**ttps://no-csp-css-keylogger.badsite.io/
|
||||
- [CSS History Leak](http://lcamtuf.coredump.cx/yahh/) <sup>2</sup> - **h**ttp://lcamtuf.coredump.cx/yahh/
|
||||
- [CSS History Leak](http://lcamtuf.coredump.cx/yahh/) <sup>1</sup> - **h**ttp://lcamtuf.coredump.cx/yahh/
|
||||
- [DNS Leak](https://www.dnsleaktest.com/) - **h**ttps://www.dnsleaktest.com/
|
||||
- [DNS Spoofability](https://www.grc.com/dns/dns.htm) - **h**ttps://www.grc.com/dns/dns.htm
|
||||
- [Evercookie](https://samy.pl/evercookie/) - **h**ttps://samy.pl/evercookie/
|
||||
@ -76,9 +76,7 @@ If you would like to submit a test page to be added to this list, please post th
|
||||
- [rel=noopener](https://mathiasbynens.github.io/rel-noopener/) - **h**ttps://mathiasbynens.github.io/rel-noopener/
|
||||
- [WebRTC](https://browserleaks.com/webrtc) - **h**ttps://browserleaks.com/webrtc
|
||||
|
||||
<sup>1</sup> Since Firefox 52, the Battery Status API is now chrome/privileged access and is not accessible by web pages.
|
||||
|
||||
<sup>2</sup> This test is a PoC (proof of concept). You will need `layout.css.visited_links_enabled` set as `true`. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites, and many of those will not "leak" as the code is checking HTTP and the site has moved to HTTPS - i.e the full URL has changed. For best results:
|
||||
<sup>1</sup> This test is a PoC (proof of concept). You will need `layout.css.visited_links_enabled` set as `true`. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites, and many of those will not "leak" as the code is checking HTTP and the site has moved to HTTPS - i.e the full URL has changed. For best results:
|
||||
* Open a normal window in a vanilla Firefox. Clear everything (Ctrl-Shift-Del).
|
||||
* Go to http://www.cnn.com/ and http://www.foxnews.com/
|
||||
* Go to the [test page](http://lcamtuf.coredump.cx/yahh/) and play a game (takes 30 seconds or so)
|
||||
|
Loading…
Reference in New Issue
Block a user