Skip to content

diracdeltas/sniffly

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
util
util
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
blacklist.js
blacklist.js
 
 
hosts.js
hosts.js
 
 
index.html
index.html
 
 
index.js
index.js
 
 

Repository files navigation

Sniffly2

Sniffly2 is a variant of Sniffly which abuses HTTP Strict Transport Security headers and the Performance Timing API in order to sniff your browsing history in Chromium-based browsers.

Demo

Visit http://diracdeltas.github.io/sniffly in Chrome/Chromium/Brave/etc. with HTTPS Everywhere disabled.

Caveats:

  • does not work on mobile or Firefox
  • does not work over HTTPS due to mixed content blocking.
  • adblockers may taint results

Acknowledgements

  • crbug436451, reported by imfaster...@gmail.com, for the idea of probing port 443 over HTTP
  • Scott Helme for providing an initial list of HSTS hosts

About

Sniffing browser history using HSTS

Resources

Readme

License

MIT license
Activity

Stars

935 stars

Watchers

60 watching

Forks

118 forks
Report repository

Releases

3 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages