Fork from https://github.com/xsleaks/wiki
由于本人翻译水平有限,所以本翻译保留了原文,方便进行对照。
内容中有一些单词我感觉很难翻译出原本的意思,故保留了英文。若你感觉有更好的翻译方式,可提交 issue
48/48 点击展开进度详情
-
README.md
-
_index.md
-
attacks/_index.md
-
attacks/xs-search.md
-
attacks/window-references.md
-
attacks/navigations.md
-
attacks/css-tricks.md
-
attacks/frame-counting.md
-
attacks/error-events.md
-
attacks/cache-probing.md
-
attacks/element-leaks.md
-
attacks/id-attribute.md
-
attacks/postmessage-broadcasts.md
-
attacks/browser-features/_index.md
-
attacks/browser-features/corb.md
-
attacks/browser-features/corp.md
-
attacks/timing-attacks/_index.md
-
attacks/timing-attacks/clocks.md
-
attacks/timing-attacks/connection-pool.md
-
attacks/timing-attacks/execution-timing.md
-
attacks/timing-attacks/hybrid-timing.md
-
attacks/timing-attacks/network-timing.md
-
attacks/timing-attacks/performance-api.md
-
attacks/experiments/_index.md
-
attacks/experiments/portals.md
-
attacks/experiments/scroll-to-text-fragment.md
-
attacks/css-injection.md
-
attacks/historical/_index.md
-
attacks/historical/content-type.md
-
attacks/historical/stateful-browser-features.md
-
defenses/_index.md
-
defenses/opt-in/_index.md
-
defenses/opt-in/coop.md
-
defenses/opt-in/corp.md
-
defenses/opt-in/document-policies.md
-
defenses/opt-in/fetch-metadata.md
-
defenses/opt-in/same-site-cookies.md
-
defenses/opt-in/xfo.md
-
defenses/design-protections/_index.md
-
defenses/design-protections/cache-protections.md
-
defenses/design-protections/subresource-protections.md
-
defenses/isolation-policies/_index.md
-
defenses/isolation-policies/framing-isolation.md
-
defenses/isolation-policies/navigation-isolation.md
-
defenses/isolation-policies/strict-isolation.md
-
defenses/secure-defaults/_index.md
-
defenses/secure-defaults/corb.md
-
defenses/secure-defaults/partitioned-cache.md
demo 文件夹中是我根据 wiki 以及一些已有代码,尝试写的 poc/exp,仅供参考。
后续会持续补充 CTF 题当做 demo,若你有好的题目想分享,直接提 issue 即可。
- 安装 Hugo 框架 补充 版本需要 > 0.68
- 克隆本仓库
- 在根目录中运行
hugo server --minify
- 访问 http://localhost:1313 (或者按照 hugo 的输出来访问)
- 执行
hugo --buildDrafts
本仓库的每次 Pull Request 都会触发 Github Actions 进行自动化部署与推送 XS-Leaks Wiki。为了将 Github Actions 用在 Github Pages 中,我们用到了 actions-gh-pages。为了通过 Hugo Framework 来自动化化部署网站,我们还用到了 actions-hugo。
为了让 workflow 有权限访问本仓库,我们用到了 deploy_key,它属于本仓库的私有设置。