NDevTK
@manuelvsousa did "HEIST" get fixed? It seems like window navigations should bypass "SameSite cookies", from https://github.com/w3c/resource-timing/issues/64#issuecomment-242785022 Considering the SharedArrayBuffer can be used to create a high precision clock https://github.com/whatwg/storage/issues/31 may...
Created https://github.com/xsleaks/wiki/pull/114 for compression attacks.
CSP leaks should not be limited to the CSP iframe property. It can be exploited using https://xsleaks.dev/docs/attacks/xs-search/ the same as most xsleaks.
There's not enough that's different, so I just changed the title.
@manuelvsousa the report uses Yahoo Mail may also work for other services allowing XS-Search seems bad. From what I understand about it you can do timing attacks even if its...
@terjanq do you think it would be possible to create a traffic monitor in JavaScript that shows the time, duration and maybe host of each network request in a table?
Since network bandwidth is limited, it would be hard for a browser to prevent this attack; not even sure what a website can do to prevent it. Even by denying...
@manuelvsousa if it was done using the "top-level document's origin" that could still be abused with window.open(). Anyway, the network will always make this attack possible. Being able to do...
@manuelvsousa yeah, if the only limit was socket exhaustion it would require a popunder bug. However, the network connection has limited bandwidth that can also be exploited. As said in...