Demo showcasing information leaks resulting from an IndexedDB same-origin policy violation in WebKit.

Overview

Safari 15 IndexedDB Leaks

Description

This demo showcases information leaks resulting from an IndexedDB same-origin policy violation in WebKit (a browser engine primarily used in Safari, as well as all iOS and iPadOS web browsers). You can test this demo on all affected browsers: Safari 15 on macOS, or any browser on iOS and iPadOS 15.

The demo illustrates how any website can learn a visitor's recent and current browsing activity (pages visited in different tabs or windows) using this leak.

For authenticated visitors, the demo can leak Google User IDs and profile pictures (if set).

Read our article or watch our screencast on YouTube for more information.

Quick start

You need to install Node.js and Yarn to run the application.

To fetch Google profile pictures as part of the demo, you'll need to provide a People API key. To do that, rename the .env.example file to .env, open .env, and add a valid key.

Open this directory in a terminal and run:

yarn install
yarn start

We use eslint to check the code style:

yarn lint
Comments
  • In Safari, I cannot get data from the database when my website is in an iframe

    iOS: 15.3.1. Example: the website URL is a.test.com; I open an IndexedDB and set some data. In Safari, I open two tabs: one is a.test.com, the other is b.test.com. b.test.com includes an iframe whose src is a.test.com. In a.test.com, I can get the IndexedDB data, but in b.test.com, the iframe of a.test.com cannot get the IndexedDB data.

    I guess it is due to the same-origin policy.

    opened by Iamnotromantic 1
Owner
FingerprintJS
Fraud detection API for the Internet