Skip to content

diracdeltas/sniffly

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Sniffly2

Sniffly2 is a variant of Sniffly which abuses HTTP Strict Transport Security headers and the Performance Timing API in order to sniff your browsing history in Chromium-based browsers.

Demo

Visit http://diracdeltas.github.io/sniffly in Chrome/Chromium/Brave/etc. with HTTPS Everywhere disabled.

Caveats:

  • does not work on mobile or Firefox
  • does not work over HTTPS due to mixed content blocking.
  • adblockers may taint results

Acknowledgements

  • crbug436451, reported by [email protected], for the idea of probing port 443 over HTTP
  • Scott Helme for providing an initial list of HSTS hosts