Conversation

yan

@bcrypt

·

Oct 25, 2015

thanks for everything, toorcon! browser fingerprinting slides up at https://zyan.scripts.mit.edu/presentations/toorcon2015.pdf… (pdf)

13

103

165

yan

@bcrypt

·

Oct 26, 2015

Replying to

@bcrypt

icymi, sniffing browser history using HSTS/CSP code + demo is up at https://github.com/diracdeltas/sniffly…. it's called that b/c i had a cold last week.

github.com

GitHub - diracdeltas/sniffly: Sniffing browser history using HSTS

Sniffing browser history using HSTS. Contribute to diracdeltas/sniffly development by creating an account on GitHub.

14

179

262

'(·)

@allgebrah

Replying to

@bcrypt

@bcrypt

this + wildcard cert + randomly generated subdomains = supercookie? (apologies if old/unoriginal)

11:02 PM · Oct 26, 2015·Twitter Web Client

yan

@bcrypt

·

Oct 26, 2015

Replying to

@allgebrah

@allgebrah

no that's not how this works; see github readme

1

yan

@bcrypt

·

Oct 26, 2015

Replying to

@bcrypt

@allgebrah

I've seen the attack you're talking about though

1