Browser history sniffing through CSS & JavaScript

Jeremiah Grossman has posted an interesting way of retrieving the browser history (at least part of it). Rather than a security flaw in the browser itself, it is a clever exploitation (hack) of some of the DOM functionality offered by most modern browsers. The trick involves going through a predefined list of commonly visited URLs (ie:,, etc), writing them out to the document as anchor elements with their :visited pseudo-class styled with a predefined value, then traversing the list of anchors to see which ones have their CSS values altered. Any anchor with the altered :visited properties can be assumed to be a URL in the browser history.

Here is sample code that should work in Firefox. There are versions that work for IE as well.
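The probe loop described above, as an added example that is neither the sample code this post refers to nor Grossman's code: a toy model with no real DOM, in which `makeBrowser`, `probeHistory`, `MARKER` and the sample URLs are constructed for illustration. The `leakVisited` switch contrasts a browser that reports :visited styling to scripts with one that always reports the unvisited style, as current browsers do.

```javascript
// Toy model of the technique in the text; no real browser or DOM is involved.
// All names here (makeBrowser, probeHistory, MARKER) are hypothetical.
const UNVISITED = "rgb(0, 0, 238)"; // default link colour in this model
const MARKER = "rgb(255, 0, 0)";    // predefined value assigned to a:visited

// A browser holds a private history and answers computed-style queries.
// leakVisited = true models the behaviour the post relies on; false models
// a browser that always reports a link's unvisited style to scripts.
function makeBrowser(history, leakVisited) {
  const visited = new Set(history);
  const anchors = [];
  return {
    addAnchor(href) { const a = { href }; anchors.push(a); return a; },
    anchors: () => anchors.slice(),
    computedColor(anchor, visitedRule) {
      const isVisited = visited.has(anchor.href); // exact URL match only
      return isVisited && leakVisited ? visitedRule : UNVISITED;
    },
  };
}

// The probe from the text: write each candidate URL out as an anchor, then
// walk the anchors and keep those whose computed colour equals the marker.
function probeHistory(browser, candidates) {
  candidates.forEach((url) => browser.addAnchor(url));
  return browser.anchors()
    .filter((a) => browser.computedColor(a, MARKER) === MARKER)
    .map((a) => a.href);
}

// Constructed sample data (reserved example domains only).
const history = ["https://bank.example/login", "https://mail.example/"];
const candidates = [
  "https://bank.example/login",
  "https://bank.example/",   // same site, different URL: not detected
  "https://shop.example/",
  "https://mail.example/",
];

const legacy = probeHistory(makeBrowser(history, true), candidates);
const hardened = probeHistory(makeBrowser(history, false), candidates);
console.log("leaky model   :", legacy);
console.log("hardened model:", hardened);
```

Only URLs that appear in the candidate list, matched exactly, can ever be reported, which is why the technique recovers just part of the history.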

