On High-Precision JavaScript Timers

Posted on December 18, 2021 in Security • Tagged with spectre, meltdown, cache-attacks, high-precision-timing, JavaScript • 10 min read

I in this blog post, I am investigating the current state of high precision JavaScript timers. High precision timing techniques were mostly used to launch CPU-level cache attacks such as Spectre and Meltdown from the browser. I am interested in other use cases though...

Continue reading

Why does this Website know that I am sitting on the Toilet?

Posted on February 05, 2021 in Security • Tagged with JavaScript, deviceorientation, devicemotion • 3 min read

Android mobile devices give to any website device orientation and device motion data. This data is quite sensitive in nature and should not be granted to websites without obtaining explicit user consent.

Continue reading

Browser Red Pills: Why are you browsing my website from AWS Lambda?

Posted on January 17, 2021 in Security • Tagged with red pill, Bot, Advanced Bots, JavaScript, Puppeteer, Playwright • 6 min read

Advanced bots use modern browsers and automation frameworks such as puppeteer and playwright. It becomes increasingly hard to distinguish bots from real human traffic, therefore, new methods are required.

Continue reading

Browser based Port Scanning with JavaScript

Posted on January 10, 2021 in Security • Tagged with browser, port scanning, JavaScript • 10 min read

In this article, various techniques to conduct port scanning from within the browser are developed. Modern JavaScript is used.

Continue reading

Detecting uBlock Origin and Adblock Plus with JavaScript only

Posted on December 27, 2020 in JavaScript • Tagged with Adblock Plus, uBlock Origin, Adblock Detection, JavaScript • 5 min read

There are many resources in the Internet that show how to detect uBlock Origin and Adblock Plus. However, after some research, it became clear that most detection methods are unreliable and cease to exist after a while. In this blog article, a reliable detection method for uBlock Origin and Adblock Plus is demonstrated. No external libraries. Just plain and simple JavaScript.

Continue reading

Behavioral Analysis: Recording Mouse Movements and other User Interactions with JavaScript

Posted on December 24, 2020 in Programming • Tagged with Behavioral Analysis, JavaScript, Analytics, Mouse, Touch Events, Mobile, visibilitychange • 10 min read

In this blog post, I will introduce a JavaScript library that allows to track various user interactions of website visitors. Several key problems that arise when creating a JavaScript analytics application will be discussed and solved in this blog post.

Continue reading