Rapid history extraction through non-destructive cache timing (v8)

The goal here is to implement fast, reliable, and non-destructive extraction of browsing history by observing cache timings, without exploiting any specific browser quirks. Such attacks were historically regarded as fairly impractical, slow, and noisy - and perhaps more importantly, the initial measurement inevitably tainted the cache for the foreseeable future (such is the case in the well-known paper by Ed Felten). Consequently, as opposed to CSS :visited selectors, no realistic plans have been made to address the underlying weakness, save for some experimental and now-defunct browser add-ons. While this code is still somewhat crude and fails for a small percentage of visitors, it appears that repeated high-performance cache sniffing is a viable possibility. The approach should allow several hundred URLs to be tested per second without disrupting the cache or causing other side effects. For more, check out these links:

A better explanation of the goals can be found on my blog,

The comments in the source code outline the algorithm in some detail,

Lastly, if you want to buy a brick, "The Tangled Web" may be for you!

Please select the version you wish to view:

PS. You may also want to check out a "competing" variant inspired by my original post - see here. The author is leveraging image timing for Firefox, and noticing that in WebKit, image navigation can be aborted with window.stop(). His code is fairly sensitive to machine performance and does not work for me very reliably, but it's a good alternative in non-MSIE browsers.