Manuel Sousa
Size Leaks are very important XS-Leaks. They are often addressed in the browser when researchers find exact ways to leak the size. Some mechanisms that still work: - [Cache Timing](https://github.com/xsleaks/xsleaks/wiki/Browser-Side-Channels#cache-timing)...
Some XS-Leaks are not state-dependent and can be used to leak information about internal networks, for example, with [port scanning](https://portswigger.net/research/exposing-intranets-with-reliable-browser-based-port-scanning). The wiki currently focuses on web applications and their behaviors...
List of interesting topics about XS-Leaks that might be a good starting point for someone interested in researching new attacks/defenses/bypasses.
- Add fancy badges to README
- Add instructions about the theme upgrade strategy to README
- Add theme as subtree and migrate all custom modifications to it

In the Navigations article we mention `History.pushState` as something that can affect `History.length`. While this is true, it's not really related to navigations. This was not changed because we would have...
- Add a nice things section to mention stuff like same-site cookies default rollout, same-site cookies bypasses, and other interesting stuff related to XS-Leaks, CTF challenges with XS-Leaks
XSS Filters, and in particular XSSAuditor, are one of the most known XS-Leaks out there. Due to so many issues it was removed from [Chromium](https://bugs.chromium.org/p/chromium/issues/detail?id=968591) and [Edge](https://blogs.windows.com/windows-insider/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/). Ideas: - The...
We excluded a group of Leaks that abuse certain discrepancies in dynamic JS/CSS Resources and properties of Images. Some of these attacks are: - Detect a CSS resource changed...
This leak reflects how deep XS-Leaks can go. It shows how attackers can influence an Anti Virus Software in dealing with a web server (and user data) with cross-site requests....
In PR https://github.com/xsleaks/wiki/pull/16 we introduced motivations for a [Defensive Design Article](https://github.com/xsleaks/wiki/blob/master/content/docs/defenses/design-protections/defensive-design.md) where we believe this particular article should be the result of a community effort from both companies (which fix...