Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

No-Cors request: Makes no checks for CORS policies. This only applies to specific resources, such as images, CSS files and non-module scripts.

Range requests were never standardised: Because of this, all browsers do different things when dealing with HTML.

By using the fact above, several security issues were found...What should happen when someone requests an audio file from a site then redirects to another site? This probably should redirect (which Chrome and Safari) did, but some browsers did not.

In Firefox, this leaked the frequency, bit depth and channel of the audio (in the header).

In Microsoft Edge, things got much worse. The browser allowed for the web audio API to be called after the redirect. Using this feature, CORS is entirely bypassed! The content of the page was passed back, simply from visiting a site and playing some audio.

Finally, the article concludes with a rant about how standards are important in order to prevent security issues like this one.