This is a PoC to remotely capture domains a user has visited by using Cross-Site Scripting and HSTS/CSP timing attacks. All credits for the original exploit go to @bcrypt which can be downloaded here: https://github.com/diracdeltas/sniffly
The source code below is a modified version of the original PoC which allows remote exploitation of clients and dumping of positive matches to a target web server.
Modified by: 1N3 @CrowdShield
Published by CrowdShield on 11/26/2015 [Blog Home] sniffly,browser,history,xss,exploit,poc,demo,1N3,CrowdShield,2015