XS-Leaks Attack Demo
Each attack generates a phishing link. When Alice opens it, her browser runs the attack silently and results appear here in real time. Toggle protection on the victim to see attacks fail.
Step 1
Alice logs into intravault.test:3000
Step 2
Pick an attack, copy the phishing link
Step 3
Open the link as Alice in her browser
Step 4
Watch results arrive here via SSE
Required /etc/hosts entries. Add these two lines so both domains resolve locally:
127.0.0.1 intravault.ssc-primesec.de
127.0.0.1 attacker.ssc-primesec.de
Then visit the victim as https://intravault.ssc-primesec.de and this console as https://attacker.ssc-primesec.de.
01
XS-Search: Error Events
Scans Alice's private messages for keywords using <script> onload / onerror side channels.
onload vs onerror
02
Frame Counting
Counts matching documents by reading iframe.contentWindow.length, which is cross-origin accessible by spec.
window.length
03
Network Timing
Discovers Alice's salary history by timing how long each report endpoint takes to respond.
fetch() timing
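
A server-side check that rejects the cross-site script, iframe and fetch() requests the three techniques above depend on, shown as an added example that is not part of the demo's own code. It assumes a Fetch Metadata policy; the page does not say what the victim's protection toggle implements, and `isAllowed`, `evaluateSamples` and the sample requests are constructed for illustration.

```javascript
// Added example: a Fetch Metadata resource isolation policy.
// Assumption: one common mitigation; the demo's own protection may differ.

const TRUSTED_SITES = new Set(['same-origin', 'same-site', 'none']);

// Decide from request metadata alone, before any per-user lookup runs, so the
// response is identical whether or not the query would have matched.
// `headers` uses lowercase names, as Node's http module provides them.
function isAllowed(method, headers) {
  const site = headers['sec-fetch-site'];
  if (site === undefined) return true;       // older client sends no metadata (fails open)
  if (TRUSTED_SITES.has(site)) return true;  // own pages or direct user action
  // Cross-site: permit only a plain top-level navigation (a followed link).
  return headers['sec-fetch-mode'] === 'navigate' &&
         headers['sec-fetch-dest'] === 'document' &&
         (method === 'GET' || method === 'HEAD');
}

// Constructed sample requests, one per technique listed above plus two benign ones.
const samples = {
  scriptProbe: { method: 'GET', headers: { 'sec-fetch-site': 'cross-site',
    'sec-fetch-mode': 'no-cors', 'sec-fetch-dest': 'script' } },
  iframeProbe: { method: 'GET', headers: { 'sec-fetch-site': 'cross-site',
    'sec-fetch-mode': 'navigate', 'sec-fetch-dest': 'iframe' } },
  fetchProbe: { method: 'GET', headers: { 'sec-fetch-site': 'cross-site',
    'sec-fetch-mode': 'no-cors', 'sec-fetch-dest': 'empty' } },
  linkClick: { method: 'GET', headers: { 'sec-fetch-site': 'cross-site',
    'sec-fetch-mode': 'navigate', 'sec-fetch-dest': 'document' } },
  ownPageXhr: { method: 'POST', headers: { 'sec-fetch-site': 'same-origin',
    'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty' } },
};

// Returns { sampleName: true|false } for every constructed request.
function evaluateSamples() {
  const out = {};
  for (const [name, req] of Object.entries(samples)) {
    out[name] = isAllowed(req.method, req.headers);
  }
  return out;
}

console.log(evaluateSamples());
```

Because requests without Sec-Fetch-Site are let through, this check complements per-endpoint defenses such as SameSite cookies and framing restrictions and does not replace them.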