Comment by mleonhard
5 years ago
Could one perform this attack without redirects by changing the page's DOM.head.link(rel=icon).href value with JavaScript?
5 years ago
Could one perform this attack without redirects by changing the page's DOM.head.link(rel=icon).href value with JavaScript?
Well apparently javascript can be used to modify the favicon dynamically: https://stackoverflow.com/questions/260857/changing-website-... - presumably this will then have the same interactions with the cache.
Perhaps you could just rely on the user navigating across a number of pages on your attack site.