SW Abuse Demo - OfflineOnload

History Sniffing via SW and Iframe

To test this attack, Follow the below steps

  1. Make sure you are offline
  2. Enter a URL of a site that has SW (with offline support) that has not been visited before (for example, https://love2dev.com)
  3. Click button 'Add Frame' to set it as Frame's URL
  4. At this point, no alert should appear. Connect to internet again and visitng the same URL to make sure its SW is registered
  5. Repeat the steps (1-3) again. The onload event would be activated and an alert box is shown
  6. This test could be repeated for a URL that doesn't register a SW. The alert would not be shoen in offline mode even if the page was visited earlier

Enter Frame Src URL: