XS-Leaks, or Cross-Site Leaks, are a type of security vulnerability that can occur when sensitive data is inadvertently leaked from one website to another. This library provides a comprehensive set of functions and tools to assist researchers in identifying, testing, and exploiting XS-Leaks vulnerabilities.
More informations about XS-Leaks can be found in the XS-Leaks Wiki.
- Error probing (using
onerrorandonloadevents andscripttags) - Network Timing (using
performance.now())- Fetch method (using
fetchAPI) - Image method (using
imgtag) - Frame method (using
iframetag)
- Fetch method (using
- Cache Probing
- Frame Counting
Just include the xsl.js file in your HTML page.
// Using callback XSL.probeError({ url: "https://example.com", timeout: 1000, timeoutShouldReturn: true, callback: function (result) { console.log(result); } }); // Using promise XSL.probeError({ url: "https://example.com", timeout: 1000, timeoutShouldReturn: true }).then(function (result) { console.log(result); });
Learn more about this method : XS-Leaks Wiki - Error Events.
- Fetch method
// You can with this method specify options like the method, headers, body, etc. // Using callback XSL.fetchTimed({ url: "https://example.com" callback: function (result) { console.log(result); } }); // Using promise XSL.networkTiming({ url: "https://example.com" }).then(function (result) { console.log(result); });
- Image method
// Using callback XSL.imageTimed({ url: "https://example.com", callback: function (result) { console.log(result); } }); // Using promise XSL.imageTimed({ url: "https://example.com" }).then(function (result) { console.log(result); });
- Frame method
// Using callback XSL.frameTimed({ url: "https://example.com", callback: function (result) { console.log(result); } }); // Using promise XSL.frameTimed({ url: "https://example.com" }).then(function (result) { console.log(result); });
Learn more about this method : XS-Leaks Wiki - Network Timing.