This repository contains the code for our paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web" (IEEE S&P 2023).
The code is split into the Test Browser Framework (TBF; Chapter III) and the Does-it-leak Pipeline (DIL; Chapter IV).
The TBF automatically discovers observation channels in browsers that leak information cross-site and creates decision trees to visualize the leak capabilities of those channels. More details and explanations on how to run and extend the framework are in the TBF Readme.
The DIL scans websites for XS-Leaks in a fully automatic manner (visit inference, cookie acceptance inference, and custom states such as login). More details are in the DIL Readme.
If there are questions about our tools or paper, please either file an issue or contact jannis.rautenstrauch (AT) cispa.de.
The paper is available at the IEEE Computer Society Digital Library.
You can cite our work with the following BibTeX entry:
@inproceedings{rautenstrauch2024xsleaks,
author = {Rautenstrauch, Jannis and Pellegrino, Giancarlo and Stock, Ben},
booktitle = {IEEE Symposium on Security and Privacy},
title = {{The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web}},
year = {2023},
doi = {10.1109/SP46215.2023.10179311},
}