Stealing Browser History with Javascript and CSS
A lesser-known function in Javascript is currentStyle, which returns the CSS properties for an element in the document. Most web browsers keep a record of visited URLs, so by setting different styles for a and a:visited, we can programmatically determine whether a link displayed in the document has previously been visited. Or, to put things more simply: your browser shows visited links in a different colour. Javascript can be used to spot that change in colour, and hence tell whether you've visited a particular site or not.
So all we need to do is generate a document containing thousands of different URLs, and inspect the style attributes for each. My method uses a list of URLs loaded into a hidden iframe. The list is then iterated through, and currentStyle called for each link. A less than honest webmaster could then pass the list of visited URLs back to the server (e.g. via AJAX) to snoop on a user's browsing history.
You have two choices:
- The quick test only checks for .co.uk domains, and contains just over 1,000 entries. It will take around a minute to run.
- For a more comprehensive search, try the larger test, but beware that with over 90,000 entries this will take a while. Exact speed depends on your bandwidth and CPU power, but expect anything from 30 seconds to 5 minutes.
Please note: this code does not provide an exhaustive list of all URLs you have visited. It merely checks whether you have visited any contained in a predefined list.
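From the reviewing side, the method described above leaves three signals that can be checked statically: an a:visited rule that changes colour, a script that reads resolved styles, and an unusually long list of links, often inside a hidden iframe. The following is an added example, not code from the original page; the signal names, the threshold of 50 links and the sample documents are assumptions constructed for illustration.

```javascript
// Added example: static heuristic for the :visited style-probing pattern.
// Signal names and LINK_THRESHOLD are assumptions chosen for illustration.
const LINK_THRESHOLD = 50; // assumed: a probing list holds far more links than this

const SIGNALS = {
  // a:visited rule that changes colour, so visited links become distinguishable
  visitedRule: /a\s*:visited\b[^{}]*\{[^}]*\bcolor\s*:/i,
  // script reading an element's resolved style
  styleRead: /\.currentStyle\b|\bgetComputedStyle\s*\(/,
  // iframe hidden from the user
  hiddenFrame: /<iframe\b[^>]*(display\s*:\s*none|visibility\s*:\s*hidden)/i,
};

// sources: the page plus every framed document, script and stylesheet it loads
function assessPage(sources) {
  const all = sources.join("\n");
  const linkCount = (all.match(/<a\b[^>]*\bhref\s*=/gi) || []).length;
  const findings = {
    visitedRule: SIGNALS.visitedRule.test(all),
    styleRead: SIGNALS.styleRead.test(all),
    hiddenFrame: SIGNALS.hiddenFrame.test(all),
    linkCount,
  };
  // Flag only when the three core signals coincide; each alone is common and benign.
  findings.suspicious =
    findings.visitedRule && findings.styleRead && linkCount >= LINK_THRESHOLD;
  return findings;
}

// Constructed sample input (not taken from the original page).
const links = Array.from({ length: 1000 }, (_, i) =>
  `<a href="http://site${i}.example/">x</a>`).join("");
const PROBE_PARENT =
  '<iframe src="list.html" style="display:none"></iframe>' +
  "<script>/* walks the frame's links, reading link.currentStyle.color */</script>";
const PROBE_FRAME = `<style>a:visited { color: #f00 }</style>${links}`;
const BENIGN =
  '<style>a:visited { color: purple }</style><a href="/about">About</a>';

console.log(assessPage([PROBE_PARENT, PROBE_FRAME]));
console.log(assessPage([BENIGN]).suspicious);
```

Because the signals can be split between the parent page and the framed list, pass every document the page loads to `assessPage` together rather than checking each one in isolation.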
pete@linuxbox.co.uk
Linuxbox.co.uk