Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks

Abstract: In a Cross-Origin State Inference (COSI) attack, an attacker convinces a victim into visiting an attack web page, which leverages the cross-origin interaction features of the victim's web browser to infer the victim's state at a target web site. COSI attacks can have serious consequences including determining if the victim has an account or is the administrator of a prohibited target site, determining if the victim owns sensitive content or is the owner of a specific account at the target site.While COSI attac… Show more

“…One of this paper's main contributions is to evaluate the impact of XS-Leak attacks on different web browsers 𝑤 ∈ 𝑊 . We systematically extend the work of Sudhodanan et al [51] by including a broad set of relevant browsers, both desktop and mobile, and extending the set of XS-Leak attacks significantly.…”

“…ContentDocument XFO Sudhodanan et al [51] In GC, when a page is not allowed to be embedded on a cross-origin page because of X-Frame-Options, an error page is shown.…”

“…Formal Modelling and Testing. Sudhodanan et al [51] gave the first classification of existing XS-Leaks. They surveyed related work, both academic and non-academic, added further attack classes, and showed that XS-Leaks are a novel paradigm in attacks on privacy.…”

“…Current mitigations mainly focus on the inclusion methods. 4 out of 7 mitigations discussed in [51] are related to HTTP headers, which only may be effective against certain inclusion methods. For example, SameSite=Lax cookies are only effective if the target resource is included as an iframe, but not if it is called with window.open.…”

“…For example, SameSite=Lax cookies are only effective if the target resource is included as an iframe, but not if it is called with window.open. We introduce a novel class of mitigations, which in Sudhodanan et al [51] is only present as a short analysis of the Tor browser. This class of mitigations targets the leak techniques𝑇 and can be sketched as follows: if our evaluation (Table 2) shows that some web browsers are immune to certain XS-Leaks, this indicates that the corresponding leak techniques can be fixed by changing the browser implementation.…”

XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers

“…One of this paper's main contributions is to evaluate the impact of XS-Leak attacks on different web browsers 𝑤 ∈ 𝑊 . We systematically extend the work of Sudhodanan et al [51] by including a broad set of relevant browsers, both desktop and mobile, and extending the set of XS-Leak attacks significantly.…”

“…ContentDocument XFO Sudhodanan et al [51] In GC, when a page is not allowed to be embedded on a cross-origin page because of X-Frame-Options, an error page is shown.…”

“…Formal Modelling and Testing. Sudhodanan et al [51] gave the first classification of existing XS-Leaks. They surveyed related work, both academic and non-academic, added further attack classes, and showed that XS-Leaks are a novel paradigm in attacks on privacy.…”

“…Current mitigations mainly focus on the inclusion methods. 4 out of 7 mitigations discussed in [51] are related to HTTP headers, which only may be effective against certain inclusion methods. For example, SameSite=Lax cookies are only effective if the target resource is included as an iframe, but not if it is called with window.open.…”

“…For example, SameSite=Lax cookies are only effective if the target resource is included as an iframe, but not if it is called with window.open. We introduce a novel class of mitigations, which in Sudhodanan et al [51] is only present as a short analysis of the Tor browser. This class of mitigations targets the leak techniques𝑇 and can be sketched as follows: if our evaluation (Table 2) shows that some web browsers are immune to certain XS-Leaks, this indicates that the corresponding leak techniques can be fixed by changing the browser implementation.…”

XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers

Leakuidator: Leaky Resource Attacks and Countermeasures

The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies