Skip to content

Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"

License

Notifications You must be signed in to change notification settings

cispa/xs-observations

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

XS-Observations

This repository contains the code for our paper: "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web" IEEE S&P 2023.

The code is split up in the Test Browser Framework (TBF; Chapter III) and the Does-it-leak Pipeline (DIL; Chapter IV).

Automatically discover observation channels in browsers that leak information cross-site and create decision trees to visualize the leak capabilities of the observation channels. More details and explanations on how to run and extend the framework are in the TBF Readme.

Scan websites for XS-Leaks in a fully automatic manner (visit inference, cookie acceptance inference, and custom states such as login). More details in the DIL Readme.

Contact

If there are questions about our tools or paper, please either file an issue or contact jannis.rautenstrauch (AT) cispa.de.

Research Paper

The paper is available at the IEEE Computer Society Digital Library.

You can cite our work with the following BibTeX entry:

@inproceedings{rautenstrauch2024xsleaks,
 author = {Rautenstrauch, Jannis and Pellegrino, Giancarlo and Stock, Ben},
 booktitle = {IEEE Symposium on Security and Privacy},
 title = {{The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web}},
 year = {2023},
 doi = {10.1109/SP46215.2023.10179311},
}

About

Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published