NDevTK
NDevTK
I wanted to keep some connections open annoyed that glitch.com uses http/2 :/
Found https://deelay.me/100000/ for a delayed reply with no HTTP/2 used.
@terjanq every tab shares the same network so it maybe possible to detect when a request is made, Because a fetch will be slower when theirs less usable bandwidth. With...
@terjanq chrome devtools network tab has a connection id feature. https://stackoverflow.com/a/43520092 it seems a connection gets shared when using `fetch("https:///?c="+Math.random(), {mode: "no-cors", credentials: "include"});`
There does seem to be a delay for the first connection but dont know a way to force disconnect the connection, So you have to wait for the browser to...
Update :D When fetching https://www.google.com from https://example.com You can force close the connection by doing `for(let i=0; i
- So I guess its possible to do a timing attack for http/2 by checking for no significant difference between a request with and without `credentials: "include"` that has an...
Made a function for testing the delay. ```js async function checkDelay(domain, times) { var TODO = []; let start = performance.now(); for(let i=0; i
I should relay get back to this, being able to do timings attacks with DNS maybe interesting.
@BitnomadLive > In theory, this should be possible. But if you want to apply this in a real scenario I think there are just too many factors you can't control....