Remotely Sniffing Browser History via XSS Using HSTS + CSP

This is a PoC that remotely captures the domains a user has visited by combining Cross-Site Scripting with HSTS/CSP timing attacks. All credit for the original exploit goes to @bcrypt; the original can be downloaded here: The source code below is a modified version of the original PoC that allows remote exploitation of clients and dumps positive matches to a target web server.

Video Demo

PoC/Exploit Code:

Author: @bcrypt
Modified by: 1N3 @CrowdShield
