This is a small proof-of-concept for a revived variant of EverCookie based on XHR Preflight Cache Poisoning.
Interesting takeaways:
- On the majority of browsers, clearing the entire browser cache doesn't fix this ... you have to additionally restart the browser process.
- The Tor Browser 'new identity' option fails and the user can be correlated with previously used identities.
How this PoC works:
- User visits e.g. https://evercookie.0x41.link/xhrpreflight/.
- A JS script generates a number of XHRs in order to set a randomly generated ID in the browser's XHR preflight cache.
- Another JS script maps out the previously injected ID from the browser's XHR preflight...
- ID is displayed to the user (this can be used to set the tracking cookie)
How to mitigate this:
Restart your browser and clear the entire cache.
All major browsers are affected (04/04/2021)
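A defender-side heuristic for spotting the write step described above, as an added example that is not part of the original PoC: it scans a network log for a single origin answering many distinct CORS preflights with a long Access-Control-Max-Age. The log entry format, the hostnames and both thresholds are assumptions constructed for illustration.

```javascript
// Added example (not the PoC's code). Constructed sample log: hostnames,
// paths and header values are made up for the demonstration.
const SAMPLE_LOG = [
  // 16 preflights to distinct URLs on one origin, each cacheable for a day
  ...Array.from({ length: 16 }, (_, i) => ({
    method: 'OPTIONS',
    url: `https://tracker.example/slot/${i}`,
    responseHeaders: { 'Access-Control-Allow-Origin': '*', 'Access-Control-Max-Age': '86400' },
  })),
  // An ordinary API: one preflighted endpoint, hit twice
  ...[1, 2].map(() => ({
    method: 'OPTIONS',
    url: 'https://api.example/v1/items',
    responseHeaders: { 'access-control-allow-origin': 'https://shop.example', 'access-control-max-age': '600' },
  })),
  { method: 'GET', url: 'https://shop.example/', responseHeaders: {} },
];

// Flags origins whose preflight responses could seed many preflight-cache
// entries. minUrls and minMaxAge are assumed thresholds; tune them per site.
function flagPreflightCacheSeeding(entries, { minUrls = 8, minMaxAge = 60 } = {}) {
  const byOrigin = new Map();
  for (const e of entries) {
    if (e.method !== 'OPTIONS') continue;
    // Header names are case-insensitive, so normalise before lookup.
    const h = Object.fromEntries(
      Object.entries(e.responseHeaders || {}).map(([k, v]) => [k.toLowerCase(), v]));
    if (!('access-control-allow-origin' in h)) continue; // not a CORS preflight answer
    const maxAge = parseInt(h['access-control-max-age'], 10);
    if (!(maxAge >= minMaxAge)) continue; // missing or short-lived: not persisted for long
    const u = new URL(e.url);
    if (!byOrigin.has(u.origin)) byOrigin.set(u.origin, new Set());
    byOrigin.get(u.origin).add(u.pathname + u.search); // count distinct cache keys
  }
  return [...byOrigin]
    .filter(([, urls]) => urls.size >= minUrls)
    .map(([origin, urls]) => ({ origin, cachedPreflights: urls.size }));
}

console.log(flagPreflightCacheSeeding(SAMPLE_LOG));
```

A hit is a signal to review, not proof of tracking: legitimate APIs with many preflighted endpoints can cross the threshold as well.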
Author:
Piotr Duszyński (@drk1wi) http://duszynski.eu