[WEB SECURITY] fast and sort-of-reliable cache timing

Michal Zalewski lcamtuf at coredump.cx
Fri Dec 2 19:09:24 EST 2011


Not particularly exciting, but perhaps of some interest to the audiences here:

http://lcamtuf.coredump.cx/cachetime/

It's a fairly crude hack, so it will probably fail spectacularly in
some circumstances, but the bottom line is that you can probably do
high-performance, repeated cache timing. The most important trick here
is to abort navigation so that the requested URL never actually gets
requested and cached if not already in cache.

Cheers,
/mz




More information about the websecurity mailing list