Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Surreptitiously exfiltrate data from the browser using DNS (github.com)
2 points by eat_veggies 15 days ago | hide | past | favorite | 2 comments

I might be missing something, but couldn't you do this already without relying on DNS prefetching by just attempting a CORS request to an arbitrary subdomain (the subdomain being the data you wish to exfiltrate)? I would expect the browser to do an OPTIONS request to the URL, thus resolve the subdomain.

That's right. You can also use `<link rel=preconnect ...>` to start a TCP handshake, which will also cause the browser to resolve the domain. But by doing these, you're making more noise on the network. The CORS request will show up in dev tools, and it is also unclear how it will behave under a strict CSP (it's worth experimenting with though).

Nevertheless, the server portion of this project doesn't care how you make your DNS queries as long as they are happening.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact