StartPanic ?
May. 11, 2009, 07:27 PM
(This post was last modified: May. 11, 2009 07:59 PM by Toppy.)
Post: #1
StartPanic ?
Hi,
I dunno if this has been talked about here, but it seems to be quite easy for a website to get all your website visiting history.

http://startpanic.com/

I only tested it with FF 3.0.x, where it is *working*. FF 3.1beta with Private Browsing enabled should protect from :visited mishandling.

I have no clue if that could be fixed with some kind of filter ? I had to bypass Proxo for the Let's Start! button to work though.

Anyway, it is explained here : http://sharovatov.wordpress.com/2009/04/...acy-issue/ and seems to make use of a predefined database here (1.3 MB big): http://startpanic.com/db/db_en.txt
May. 11, 2009, 11:48 PM
Post: #2
RE: StartPanic ?
Interesting!
(May. 11, 2009 07:27 PM)Toppy Wrote: I have no clue if that could be fixed with some kind of filter ?

I don't think so, because - if I got the code correctly - the database links are loaded into an "about:blank" iframe, after inserting this tag:

Code:
<STYLE>a{color: #000000; display:none;}a:visited {color: #FF0000; display:inline;}</STYLE>

Then their "display" style is evaluated and reported back to the main document. Now, Proxomitron scripts or CSS obviously aren't inserted into "about:blank" documents.

Quote: I had to bypass Proxo for the Let's Start! button to work though.

I had to select "Allow Ad JavaScript" -> "Go" from the Proxomitron menu.
May. 12, 2009, 11:07 AM
Post: #3
RE: StartPanic ?
...but you could change the to-be-injected code the hard way. It's also good enough for Gemal's http://browserspy.dk/css-exploit.php . (In JavaScript, however, there is always a way to hide specific code, if someone really wants to...)
Without the second line in the Matching Expression the filter is stand-alone. In that case it might match where it shouldn't, though.

Code:
[Patterns]
Jun. 15, 2009, 01:32 AM
Post: #4
RE: StartPanic ?
Just saw this at the Mozillazine forum:
http://forums.mozillazine.org/viewtopic....a&start=15

Posted April 26th, 2009, 11:32 am

On Windows, I use Proxomitron to filter web pages. Someone wrote a quick Prox filter to defeat that CSS snooping. This is the Prox filter:

Code:
[Patterns]

On Mac OS, I use BFilter to filter web pages. The filter that I added for that is in an extra filter file and is this:

Code:
[Hide Visited Condition]

What do you think?
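
The kind of text-level filtering discussed in posts #2 and #3 (changing the to-be-injected code before the browser runs it), as an added example that is not part of any post and is not the Proxomitron or BFilter filter mentioned above. The function names, the regular expressions, the placeholder class name and the sample body are all assumptions constructed for illustration.

```javascript
// Added example: every name and pattern here is an assumption, not the thread's filter.

// ":visited" wherever it appears as text: a stylesheet or a JS string literal.
const VISITED_RE = /:visited\b/gi;
// Ways a script can read back the style that was actually applied to a link.
const STYLE_READ_RE = /\bgetComputedStyle\b|\.currentStyle\b/;
// A class no element carries, so a rewritten rule can never match a link.
const DEAD_CLASS = '.pf-never-matches';

// Report whether a body both styles visited links and reads applied styles.
function inspectBody(body) {
  const visitedRules = (body.match(VISITED_RE) || []).length;
  const readsStyle = STYLE_READ_RE.test(body);
  return { visitedRules, readsStyle, suspicious: visitedRules > 0 && readsStyle };
}

// Turn "a:visited {...}" into "a.pf-never-matches {...}": visited and
// unvisited links then render identically, so there is nothing to read back.
function neutralizeVisited(body) {
  return body.replace(VISITED_RE, DEAD_CLASS);
}

// Rewrite only bodies that combine both signals, so ordinary pages that
// merely colour their visited links are passed through untouched.
function filterBody(body) {
  const report = inspectBody(body);
  return { ...report, body: report.suspicious ? neutralizeVisited(body) : body };
}

// Constructed sample: the STYLE tag quoted in post #2 held in a script string,
// plus a style read-back. Not taken from the real site.
const SAMPLE_SCRIPT = [
  'var css = "<STYLE>a{color: #000000; display:none;}' +
    'a:visited {color: #FF0000; display:inline;}</STYLE>";',
  'var shown = frameWin.getComputedStyle(link, null).display;',
].join('\n');

// Constructed sample: a harmless stylesheet with no script at all.
const SAMPLE_PLAIN_CSS = 'a:visited { color: purple; }';

console.log(filterBody(SAMPLE_SCRIPT).body);
console.log(filterBody(SAMPLE_PLAIN_CSS).suspicious); // false
```

Because this matches literal text, it shares the limit noted in post #3: a script that assembles or hides the ":visited" string is not caught.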