What is the method to illegally acquire the browsing history of the user who visited the website?



When using the Internet, links on previously visited pages may appear in a different color. This utilizes the

CSS pseudo-class ' :visited ', which is a style sheet language, and allows you to determine the pages and links you have visited at a glance. However, some users abuse the :visited pseudo-class to obtain the user's website browsing history. Security researcher Varun Biniware explains how to retrieve browsing history using the :visited pseudo-class.

Retrieving your browsing history through a CAPTCHA
https://varun.ch/history

As you browse the website, you visit various linked pages. At that time, sites that have been visited may be displayed in purple, and sites that have not been visited may be displayed in blue. It uses the CSS pseudo-class :visited. By highlighting the pages that have been visited once, users can browse comfortably by choosing which pages to visit.

However, some users want to use it for marketing and advertising by acquiring the browsing history of users who visited the site. Therefore, use the CSS property ' background-image ' to set the background image on the web page to send the browsing history of the visiting user to the corresponding server, or use ' Window.getComputedStyle() ' to change the color of the link It seems that they are changing the



In addition, by using :visited to create links that can only be seen by users who have visited the site, or by hiding the links, we collect information about what sites users are visiting. becomes possible.

Browser vendors such as Mozilla and Google are also aware of this problem, and Mozilla

says , ``In rare cases, even visited websites may be displayed as unvisited.'' Mozilla also protects users from unauthorized browsing history retrieval by restricting the styles that can be applied to visited links.

In addition, the open source web browser code base ' Chromium ', which is based on browsers such as Microsoft Edge and Opera, protects users from leakage of browsing history by dividing the key necessary for checking the browsing history into three. We are considering taking action.

However, it is believed that there are countless ways to compromise browsing history, leading to a cat-and-mouse game between attackers who want to capture history and browser vendors who want to protect users.



Mr. Biniware said, ``Instead of trying to get the browsing history, how about tricking the user to provide the browsing history instead?'' Introducing a proof of concept similar to

reCAPTCHA .

When you access the page below, you will see a screen like reCAPTCHA authentication to check if you are a human and not a bot.

Retrieving your browsing history through a CAPTCHA
https://varun.ch/history



Follow the instructions 'Select all black cells to continue' and click 'DONE'.



Then, a list of pages that the user has visited from the list created by Mr. Biniware and pages that have no access history are displayed



``You're told to follow instructions to prove your humanity, but in reality it's just content that tells you whether you've visited a specific website,'' said Biniware, ``This demo is harmless. However, some malicious websites may use similar techniques to investigate a user's political views or investigate the user's area of residence.'

in Software, Posted by log1r_ut