An interesting way of fetching for the browser history (at least part of it) has been posted by Jeremiah Grossman. More than a security flaw with the browser itself, it is more of a clever exploitation (hack) of some of the DOM functionality offered by most modern browsers. The trick involves going thorugh a predefined list of commonly visited URLs (ie: www.google.com, www.microsoft.com, etc), writing them out to the document as anchor elements with their :visited class modified to a predefined value, then traversing the list of anchors checking to see which ones have their css values altered. Whichever anchor has the altered :visited properties can be assumed to be a URL in the browser history.
Archive for August, 2006
General on August 25th, 2006 by loconet – Be the first to comment