I seem to recall that HD Moore (I believe that's his name) showed this at Blackhat 2006 in Las Vegas, but his did use javascript.
Thomas J. Raef We Watch Your Website "We Watch Your Website - so you don't have to!" > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Paul Ferguson > Sent: Saturday, June 13, 2009 4:01 PM > To: [email protected] > Subject: [funsec] Interesting: Stealing your browser history... > withoutJavaScript! > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > FYI: > > http://www.making-the-web.com/misc/sites-you-visit/nojs/ > > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.3 (Build 5003) > > wj8DBQFKNBNmq1pz9mNUZTMRAkRRAJ0dGV8Mw3pf+R2Z9Va7JrBeUCKVUQCg6H5t > RScMLFKztS/fx90StlPL67E= > =JThT > -----END PGP SIGNATURE----- > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawgster(at)gmail.com > ferg's tech blog: http://fergdawg.blogspot.com/ > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
