Sniffing Browser History Without Javascript

Someone discovered a way to sniff sites from your browser history without using Javascript. Instead it uses an iframe that loads a server-side PHP script to do all the heavy lifting.

ITPro Today

June 16, 2009

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Someone discovered a way to sniff sites from your browser history without using Javascript. Instead it uses an iframe that loads a server-side PHP script to do all the heavy lifting.

You can check out the demo here.

This has some fairly significant implications since you might not want other sites to know what sites you're visiting. The upside is that might put a bit of a load on a browser while processing so you might notice something fishy going on - but in most cases I suspect users won't notice anything.

The only defense I can think of at the moment is to not enable iframes - which of course would break many Web sites.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like