diracdeltas/sniffly

Stars
934
Rank 48,927 (Top 1.0 %)
Language
JavaScript
License
MIT License
Created about 9 years ago
Updated over 7 years ago

diracdeltas/sniffly

diracdeltas

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Sniffing browser history using HSTS

Sniffly2

Sniffly2 is a variant of Sniffly which abuses HTTP Strict Transport Security headers and the Performance Timing API in order to sniff your browsing history in Chromium-based browsers.

Demo

Visit http://diracdeltas.github.io/sniffly in Chrome/Chromium/Brave/etc. with HTTPS Everywhere disabled.

Caveats:

does not work on mobile or Firefox
does not work over HTTPS due to mixed content blocking.
adblockers may taint results

Acknowledgements

crbug436451, reported by [email protected], for the idea of probing port 443 over HTTP
Scott Helme for providing an initial list of HSTS hosts

FastestWebsiteEver

ultrafast single TCP packet audio/visual experience

tweets

janky twitter replacement.

spleeter4max

separate audio in ableton into stems using Spleeter

niceware

Generate or convert random bytes into passphrases in Node and the browser.

rekordbox-scripts

python scripts for automating music management in rekordbox

signal-muon

Signal Desktop using https://github.com/brave/muon instead of Chrome. Not affiliated with WhisperSystems.

dotfiles

Useful config-related files

random-training

site that generates random workout routines

reading

what i'm reading. read me.

icowid-generator

markov bot based on ICO whitepapers and erowid trip reports

aliaser

demucs4max

Demucs as a max4live device

tabulous

Collapse all Firefox tabs to a single tab (inspired by Chrome OneTab)

apc40mk2

CDJ-style looping control mapping for the APC40MKII ableton midi controller

SoundDrop

untrustCA

Tools for untrusting Certificate Authorities

canary

blog

vastly-improved Hugo-fied version of my blog

snowflake-cli

nodejs CLI tool for https://snowflake.torproject.org/

festival

generate festival lineups based on your SoundCloud likes

erowid-reader

website that reads you random erowid reports using the Speech Synthesis API

heartbox

Fast way to set up and test Heartbleed attack on a FreeBSD 10.0 virtualbox w/ Apache 2.4

code-integrity-everywhere

https://securedrop.hackpad.com/Code-Integrity-Everywhere-jKSUBY1civF

safebox

simple encrypted file-sharing web app, intended for use with sandstorm.io.

poc-site

quick site for HTML / JS POCs

diracdeltas.github.io

fp-soundcloud

birthday

A cute Processing script that lets someone blow out a candle on their birthday

hsts-everywhere

Bootstrap HSTS preloading with HTTPS Everywhere rules

torbutton

Mirror of https://gitweb.torproject.org/torbutton.git

gater

gated one-shot recorder

beatsbywatson

pdfjs-brave

Builds of https://mozilla.github.io/pdf.js/ for Brave Laptop

quic-request

QUIC webRequest bypass demo

unapplied-rule-finder

Unapplied rule finder for HTTPS Everywhere

mrbill4max

supersecret

demo of referer leakage on github

azuki.vip

hi i like pyramids

end-to-end

Fork of main end-to-end for integration with Yahoo mail.

badssl

unableton

ableton projects + git = ???

tavis

chatgpt-games

fun games auto-generated by chatgpt