tag:blogger.com,1999:blog-13756280.post115533136414121759..comments2024-02-08T03:44:23.780-08:00Comments on Jeremiah Grossman: I know where you've beenJeremiah Grossmanhttp://www.blogger.com/profile/05017778127841311186noreply@blogger.comBlogger87125tag:blogger.com,1999:blog-13756280.post-64051429725794481552016-08-10T01:21:17.445-07:002016-08-10T01:21:17.445-07:00Do anyone know why it doesn't work anymore?Do anyone know why it doesn't work anymore? Anonymoushttps://www.blogger.com/profile/02195008686781596566noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-79358444516922134282016-08-10T01:19:18.379-07:002016-08-10T01:19:18.379-07:00Do anyone know why it doesn't work anymore?Do anyone know why it doesn't work anymore?Anonymoushttps://www.blogger.com/profile/02195008686781596566noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-20972722963997642172013-04-25T03:20:26.485-07:002013-04-25T03:20:26.485-07:00HTMLS will 4 thiss CSS things. ofcourse in other w...HTMLS will 4 thiss CSS things. ofcourse in other way. Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-68038769989731897952012-08-01T11:48:09.859-07:002012-08-01T11:48:09.859-07:00i guess it doesn't work anymorei guess it doesn't work anymoreAnonymoushttps://www.blogger.com/profile/04558190963765688731noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-72157037862864228732011-11-23T12:22:20.387-08:002011-11-23T12:22:20.387-08:00Thanks for sharing! Very interestingThanks for sharing! Very interestingHanshttp://www.sex-cam-livecam.comnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-9551061652901726682010-12-21T12:10:44.231-08:002010-12-21T12:10:44.231-08:00This article has a neat workaround for designers: ...This article has a neat workaround for designers: http://www.webdesignfromscratch.com/html-css/getting-around-the-css-history-leak-limitations/Ben Hunthttps://www.blogger.com/profile/05501108355159275201noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-35995989591829060282009-09-06T05:44:11.864-07:002009-09-06T05:44:11.864-07:00interesting!interesting!Norbreck Castlehttp://www.norbreckcastle.comnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-42509352235916784862009-08-02T16:58:19.682-07:002009-08-02T16:58:19.682-07:00There's something very similar at http://linux...There's something very similar at http://linuxbox.co.uk/stealing-browser-history-with-javascipt-and-css.php<br /><br />It uses the same idea, but is hopefully a bit faster (certainly a lot faster than startpanic.com's)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-31464762838092929382009-07-29T07:45:05.357-07:002009-07-29T07:45:05.357-07:00Another tweek would be to build the query string d...Another tweek would be to build the query string dynamically from a keyword list<br />for example look at these google urls..<br /><br />http://www.google.co.uk/search?hl=en&safe=off&q= css+history+hack &btnG=Search&meta=<br />http://www.google.co.uk/search?hl=en&safe=off&q= teen+porn &btnG=Search&meta=<br /><br />Slightly more elegant than a brute force list of specific URLs and once a basic search result has been found I dare say this could be extended further using PHP to scrape links from the target page<br />thus forming a feedback loop that would be actively hunting down the browser history rather than stumbling blindly.<br /><br />CybraxJon - my hats not black just dark green & dustyAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-1528714087912794572009-06-05T01:47:14.879-07:002009-06-05T01:47:14.879-07:00Hyves (a dutch SN) uses subdomain.
For instance, m...Hyves (a dutch SN) uses subdomain.<br />For instance, my url over there is martiendejong.hyves.nl<br />If I would generate a list of profile urls (or better, something like {profileurl}/manage.php) and iterate over it I think it would be possible.<br /><br />I only have to find a way do this in the background for about 20M profiles.. :pGhdjdhttps://www.blogger.com/profile/01561493199090171968noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-85235426248650508262009-06-04T13:39:03.693-07:002009-06-04T13:39:03.693-07:00hmm, maybe, but the user would have to have been t...hmm, maybe, but the user would have to have been to the URL we'd be checking. Got a sample URL of something you'd have in mind?Jeremiah Grossmanhttps://www.blogger.com/profile/05017778127841311186noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-80195916398051706442009-06-04T13:14:16.507-07:002009-06-04T13:14:16.507-07:00How about finding someone's name with a little...How about finding someone's name with a little addition to this code?<br /><br />If you let this code run through for instance Facebook profiles you can get a general idea about whom a person is befriend with.<br /><br />Any ideas on this?Ghdjdhttps://www.blogger.com/profile/01561493199090171968noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-26200230198111690202009-05-19T16:01:52.445-07:002009-05-19T16:01:52.445-07:00It is quite embarassing to see this trick is almos...It is quite embarassing to see this trick is almost three years old, and still nobody happened to fix it. <br />I guess this problem is really hard to fix lolGhdjdhttps://www.blogger.com/profile/01561493199090171968noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-14746326032399514742008-12-20T16:33:00.000-08:002008-12-20T16:33:00.000-08:00if u want it to work with IEtry this:if(navigator....if u want it to work with IE<BR/><BR/>try this:<BR/><BR/>if(navigator.appName.indexOf("Microsoft")!=-1){ <BR/>var color = link.currentStyle['color'];}else{<BR/>var color = document.defaultView.getComputedStyle(link,null).getPropertyValue("color");}<BR/><BR/>im a 13 year old webdesigner who's been fooling around with all the internet security exploits you have found, and i continue to be impressedAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-48817380898088466282008-08-10T04:11:00.000-07:002008-08-10T04:11:00.000-07:00I obviate the need to use CSS by simply creating a...I obviate the need to use CSS by simply creating a dummy anchor node and getting its (unvisited) colour.<BR/>The browser's visited colour can also be obtained by setting the dummy anchor's href to document.URL.<BR/><BR/>See my code in action at <A HREF="http://www.ooltra.net/" REL="nofollow">OOltra.net</A>Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-9574917538269711882008-06-20T04:58:00.000-07:002008-06-20T04:58:00.000-07:00Good Job! :)Good Job! :)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-23692573012392060892008-06-06T21:36:00.000-07:002008-06-06T21:36:00.000-07:00nice trick.nice trick.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-35141913879153172272008-05-30T08:14:00.000-07:002008-05-30T08:14:00.000-07:00The fix for Opera is easy: just compare the color ...The fix for Opera is easy: just compare the color to "#ff0000" as well as the other form.Jed Davishttps://www.blogger.com/profile/11228234046083389226noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-70218270165562156412008-05-30T03:03:00.000-07:002008-05-30T03:03:00.000-07:00I visited http://ha.ckers.org/weird/CSS-history-ha...I visited http://ha.ckers.org/weird/CSS-history-hack.html and I felt pretty smart when I saw that the 'visited' section listed _nothing-.<BR/>I'm running Firefox2 (Swiftweasel) 32bit undere Linux Ubuntu 8.04 AMD64.<BR/><BR/>I suspect that what did the trick for me was the fact that I disabled my disk cache and set Firefox to always delete all cookies on exit.<BR/>Howeven, not even the latest sites I visited after last Firefox start were listed. I guess I got my settings just right.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-79941361983054407762008-03-26T07:10:00.000-07:002008-03-26T07:10:00.000-07:00I moved the Poc to this URL:http://ha.ckers.org/we...I moved the Poc to this URL:<BR/><BR/>http://ha.ckers.org/weird/CSS-history-hack.htmlJeremiah Grossmanhttps://www.blogger.com/profile/05017778127841311186noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-29283827018374143122008-03-26T07:05:00.000-07:002008-03-26T07:05:00.000-07:00wait a sec. I'll have to agree with the previous p...wait a sec. I'll have to agree with the previous poster on this one. i can't see any "I know where you've been" list. Also, many of the sites that are listed aren't where I've been.<BR/><BR/>I also call this a massive failure.faith:)https://www.blogger.com/profile/05152984023351250791noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-166428532645610622008-03-23T10:02:00.000-07:002008-03-23T10:02:00.000-07:00I actually didn't even see the "I know where you'v...I actually didn't even see the "I know where you've been" heading on the right side column.<BR/><BR/>Underneath the blog text I saw a large list of sites in what seemed to be the source code, most of which I've never been to.<BR/><BR/>I know I've never been to ciribank.com, that's for sure.<BR/><BR/>Honestly, I don't even do anything about security in my browser, sans using Firefox and adblock, I don't even use NoScript.<BR/><BR/>I'd have to call this a massive failure.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-71818172025709199032007-10-26T03:13:00.000-07:002007-10-26T03:13:00.000-07:00That is necessary. Thanks! Badly that only under f...That is necessary. Thanks! Badly that only under firefox.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-50105703161807957812007-09-19T07:20:00.000-07:002007-09-19T07:20:00.000-07:00Hi James, that code was designed for Firefox, neve...Hi James, that code was designed for Firefox, never really worked well for IE. Others had ported it and got it working fine, but you'd to search around to find it.Jeremiah Grossmanhttps://www.blogger.com/profile/05017778127841311186noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-15034521844672906202007-09-19T01:47:00.000-07:002007-09-19T01:47:00.000-07:00I referenced the color in IE using the currentStyl...I referenced the color in IE using the currentStyle property, but it returns "#0000FF" for all links (and the links show up blue on screen as well). Any thoughts?<BR/><BR/>Posted By <A HREF="http://www.hotels-blackpool.com" REL="nofollow">Blackpool Hotels</A><BR/>Date: <A HREF="http://www.hotelsblackpoolguide.co.uk" REL="nofollow">19th September 2007</A>Jameshttps://www.blogger.com/profile/04611949832688716416noreply@blogger.com