-
Scary: Browser Hack lets other see what sites you visit
READ THE WHOLE THREAD TO LEARN HOW TO PREVENT THIS, BEFORE CLICKING ANY LINKS !
Ok, I found this pretty hard to believe at first, but apprently there is a Internet Browser hack that can allow others to see
your browser history. The hack relies on comparing link color (link color changes after you visit a site usually) against a list of known websites.
If the link color is different than the default, it means you have visited that site. You can read more about it here: http://jeremiahgrossman.blogspot.com...ouve-been.html
Anyway, apparently there is a site that lets you use this hack to find out what porn sites your friends/visitors have been looking at. So if you feel like messing with someone, check this out:
Porn Catcher
http://caughthemwatching.com/
or a youtube video about it http://www.youtube.com/watch?v=3t7-MKVbncw
-
Re: Scary: Browser Hack lets other see what sites you visit
A first post with 4 links is generally a good indication of a cunt, and one is left to wonder why that cunt thinks people would be moronic enough to click any of those links.
Are you a cunt at all.
-
Re: Scary: Browser Hack lets other see what sites you visit
OMG someone has posted something almost identical elsewhere. What's the chances of that.
http://www.tapecity.org/showthread.php?p=199550
Ok, I found this pretty hard to believe at first, but apprently there is a Internet Browser hack that can allow others to see
your browser history. The hack relies on comparing link color (link color changes after you visit a site usually) against a list of known websites.
If the link color is different than the default, it means you have visited that site. You can read more about it here: http://jeremiahgrossman.blogspot.com...ouve-been.html
Anyway, apparently there is a site that lets you use this hack to find out what porn sites your friends/visitors have been looking at. So if you feel like messing with someone, check this out:
Porn Catcher
http://caughthemwatching.com/
or a youtube video about it http://www.youtube.com/watch?v=3t7-MKVbncw
skistar668 is offline Reply With Quote
-
Re: Scary: Browser Hack lets other see what sites you visit
Ban the prick now Cabalo, do something useful ffs.
-
Re: Scary: Browser Hack lets other see what sites you visit
He's also jackflash333 so I'm assuming that he is either getting something for posting links or he's phishing IPs.
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
JPaul
Ban the prick now Cabalo, do something useful ffs.
Idol beat me to it :(
As a bonus, this indeed works and some torrent sites use it in their code, especially the gazelle ones, where it comes installed by default, you just have to add sites to the list.
To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described here.
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
Cabalo
you just have to add sites to the list.
Famous cheater boards, for example :cool: Or T-I.
Quote:
To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described
here.
You're forgetting something... even if you disable JavaScript and HTTP referers, you can still get caught via the CSS flavor of the attack. To prevent that, you need to use an anti-leak custom stylesheet, except on Firefox, where simply disabling history is enough to prevent the attack.
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
Cabalo
Quote:
Originally Posted by
JPaul
Ban the prick now Cabalo, do something useful ffs.
Idol beat me to it :(
As a bonus, this indeed works and some torrent sites use it in their code, especially the gazelle ones, where it comes installed by default, you just have to add sites to the list.
To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described
here.
Why are torrent sites using this? :unsure:
-
Re: Scary: Browser Hack lets other see what sites you visit
There are certain forums they don't carry on well with.
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
tesco
Quote:
Originally Posted by
Cabalo
Idol beat me to it :(
As a bonus, this indeed works and some torrent sites use it in their code, especially the gazelle ones, where it comes installed by default, you just have to add sites to the list.
To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described
here.
Why are torrent sites using this? :unsure:
Some sites want to know if the users visited certain links, and FST is at some of those. It can be used to trace recent trades or even public giveaways. I've discussed this at TC, if you remember.
Quote:
Originally Posted by
anon-sbi
Famous cheater boards, for example :cool: Or T-I.
Quote:
To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described
here.
You're forgetting something... even if you disable JavaScript and HTTP referers, you can still get caught via the CSS flavor of the attack. To prevent that, you need to use an anti-leak custom stylesheet, except on Firefox, where simply disabling history is enough to prevent the attack.
Could you post the css stylesheet? I remember reading about that at your forum, but I've no idea where I can find it any more.
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
Cabalo
Could you post the css stylesheet?
Here you are:
PHP Code:
a:visited{
background: none !important;
background-image: none !important;
list-style-image: none !important;
}
-
Re: Scary: Browser Hack lets other see what sites you visit
Thank you!
How should the file be named and where should it be placed ?
-
Re: Scary: Browser Hack lets other see what sites you visit
For Firefox, the file must be called userContent.css and goes inside this folder:
Code:
%appdata%\Mozilla\Firefox\Profiles\xxxxxxxx.default\chrome
Opera users have to follow a slightly different procedure:
Quote:
Save it [the stylesheet] somewhere (can be any folder; I chose %programfiles%\Opera\styles) as user.css. You must enclose the filename between quotes in Notepad, or else it'll save it as a TXT file.
Open Opera, and go to View -> Style -> Manage Modes.
Click on the Display tab, then "Choose..." your stylesheet. Go to the directory where you located user.css and select it. Now go to the Presentation Modes tab and make sure the "My style sheet" checkbox is ticked for both modes.
Note: if you have set custom preferences for sites in the past, this tweak may not apply for those. You should go to Tools -> Preferences -> Advanced -> Content -> Manage Site Preferences, highlight a site, click on Edit, then go to the Display tab and make sure your stylesheet is being used at the bottom. Repeat this for every site you've set custom preferences for.
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
anon-sbi
Quote:
Originally Posted by
Cabalo
Could you post the css stylesheet?
Here you are:
PHP Code:
a:visited{
background: none !important;
background-image: none !important;
list-style-image: none !important;
}
The theory behind this is one the the smartest, yet simplest hacks that I've ever seen. :)
Quote:
Originally Posted by
Cabalo
Some sites want to know if the users visited certain links, and FST is at some of those. It can be used to trace recent trades or even public giveaways. I've discussed this at TC, if you remember.
Right, I thought you were talking about reading the referrer header.
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
tesco
The theory behind this is one the the smartest, yet simplest hacks that I've ever seen. :)
Yes, and it took us a while to find out this is what trackers were using. In the meantime, their staff took advantage of the confusion and would tell they'd have hacked my board and thus got all the IPs they needed to disabled users on IRC... :huh:
Now I look back at those times and laugh :lol: (Even though I wasn't so amused when I lost my What.cd and BCG accounts)
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
anon-sbi
Here you are:
PHP Code:
a:visited{
background: none !important;
background-image: none !important;
list-style-image: none !important;
}
i learned about this exploit through http://didyouwatchporn.com/ :P
does the css solution still work? cause i created the usercontent.css and pasted the above code and it still says i visited youporn :naughty: (i deleted it from history first and then revisited it after creating the .css)
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
i learned about this exploit through
http://didyouwatchporn.com/
does the css solution still work? cause i created the usercontent.css and pasted the above code and it still says i visited youporn (i deleted it from history first and then revisited it after creating the .css)
If you notice when you click links they will not change in appearance.
Before you added the css script you would have noticed that it differs before and after you clicked the link. This is what the script stops.
If you want your history to not show up on your own computer then go to
Tools > Options... > privacy (tab on the top) > firefox will: never remember history▼
If you don't want to be caught by www.didyouwatchporn.com download http://noscript.net/?ver=1.9.9.77
-
Re: Scary: Browser Hack lets other see what sites you visit
links still change color, i guess thats why didyouwatchporn finds me.
i m attaching my userContent.css to see if i m doing something wrong
http://www.sendspace.com/file/fsndz4
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
0th
does the css solution still work? cause i created the usercontent.css and pasted the above code and it still says i visited youporn :naughty:
The stylesheet only takes care of the CSS "flavor" of the attack. Your history can be easily checked via JavaScript as well. NoScript should fix that.
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
0th
There is no way in hell I'm downloading a file you put up.
Just open it with notepad and past what it contains here.
-
Re: Scary: Browser Hack lets other see what sites you visit
It's the exact same one I posted.
He probably didn't disable JavaScript for the history checker, just like it should be done for sites like What.cd.
-
Re: Scary: Browser Hack lets other see what sites you visit
You could do that in NoScript...
-
Re: Scary: Browser Hack lets other see what sites you visit
Quote:
Originally Posted by
Slickerey
You could do that in NoScript...
Yea, when I clicked that website he linked to the whole page didn't appear with noscript on :P
Owned :pinch:
-
Re: Scary: Browser Hack lets other see what sites you visit
That's the only bad thing about NoScript, but having the extra protection is quite helpful...
-
Re: Scary: Browser Hack lets other see what sites you visit
You could also use HistoryBlock, https://addons.mozilla.org/en-US/firefox/addon/8631/
You simply add the sites you don't want people to know about, eg. torrent invite sites, competing tracker sites, whatever, and the history hacks won't work. Remember to clear your history after installing it.
-
Re: Scary: Browser Hack lets other see what sites you visit
Nice. Thanks for the link.
