To do this, I have setup an IFRAME within a website (I'll have to check and see if this works by loading a page as if it were a script, but that's later on the agenda). I then use JavaScript to reload the page and then load the page that the page would have directed to. Let's look at an example.
When you go to http://reddit.com/submit and you are logged in, the /submit page is shown. When you are not logged in, you are redirected to https://ssl.reddit.com/login?dest=%2Fsubmit, the standard Reddit login page. My script first loads the submit page. If the user is logged in, the page loads, saving its load time to a variable. Then, the timer is reset and the standard login page is loaded. The end result boils down to these facts:
If you ARE logged in, the submit page will load quicker than the login page because no redirect is needed when the submit page is loaded.
If you ARE NOT logged in, the login page will load quicker because the submit page requires a redirect and the login page does not.
There are a few problems that prevent this script from being a 100%. First, despite an initial page load that doesn't count towards the load timer, caching of the browser is not fully predictable. One page may be cached more than another. Second, although the two page loads are performed within 1.2 seconds of each other, network and remote server conditions could change within that time, causing one page to load faster. This is more of a proof-of-concept than a reliable script, but it does show that a remote page could attempt to guess all of the services you use by loading remote pages in hidden IFRAMEs.
See if it works for you: http://blasze.com/loggedin/
Source:
<html>
<head>
<script type="text/javascript">
var startTime=new Date();
var a;
var b;
var done = 0;
function currentTime(){
if(done == 0)
{
done = 1;
var ms = 1200;
ms += new Date().getTime();
while (new Date() < ms){}
startTime=new Date();
document.getElementById('framer').src="http://www.reddit.com/submit";
}
else if(done == 1)
{
a=Math.floor((new Date()-startTime)/100)/10;
if (a%1==0) a+=".0";
done = 2;
var ms = 1200;
ms += new Date().getTime();
while (new Date() < ms){}
startTime=new Date();
document.getElementById('framer').src="https://ssl.reddit.com/login?dest=%2Fsubmit";
}
else
{
b=Math.floor((new Date()-startTime)/100)/10;
if (b%1==0) b+=".0";
if(a > (b + .1))
{
document.write('You are not logged into Reddit.');
}
else
{
document.write('You are logged into Reddit.');
}
}
}
</script>
</head>
<body>
<iframe id="framer" src="http://www.reddit.com/submit" onLoad="currentTime()" style="display:none;"></iframe>
</body>
</html>
No comments:
Post a Comment