Remotely Sniffing Browser History via XSS Using HSTS + CSP
This is a PoC to remotely capture domains a user has visited by using Cross-Site Scripting and HSTS/CSP timing attacks. All credits for the original exploit go to @bcrypt which can be downloaded here:
https://github.com/diracdeltas/sniffly The source code below is a modified version of the original PoC which allows remote exploitation of clients and dumping of positive matches to a target web server.
Modified by: 1N3 @CrowdShield