samyk / evercookie

Produces persistent, respawning "super" cookies in a browser, abusing over a dozen techniques. Its goal is to identify users after they've removed standard cookies and other privacy data such as Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.
https://samy.pl/evercookie/

Added hsts cookie support #99

Closed SleepProgger closed 9 years ago

SleepProgger commented 9 years ago

Hi, I just finished the hsts-cookie port to evercookie. It is a bit awkward as the get function is called before the set function finishes. But it should all be working (in fact it does on my system).

Again about the limitations of this technique:

samyk commented 9 years ago

Pretty cool -- I understand there's an implementation available with only a single, non-wildcard certificate -- I'm at Toorcon right now and Yan is speaking about it in a few hours. Will see if I can add more info on that...

SleepProgger commented 9 years ago

Sounds interesting. I'd love more info on that. Otherwise I'd have to wait till the Toorcon videos are uploaded.
Found the slides from the talk. Using the timing as response is definitely interesting (esp. as "history hack"), but I don't see how it helps with the certificate issue, or do you know more than I do? ;)

Also, I am currently trying another variant of collecting that information based on redirects (described here). This might be the better solution for evercookie.