Side-channeling...

Characters prepended to URL host. check if difference between URL and a tag - Shazzer

Characters prepended to URL host. check if difference between URL and a tag

Characters ignored in URL, which yield in the same host property. Additionally it checks if the HTML a tag parses anything differently. This is just a simple modification of another fuzzing vector by hansmachine. It should not produce any results

Bug Hunter

Created byInsertScript

Created Jan 10, 2025

Updated May 27, 2025

Detecting browser...

CategoryURL Handling

VisibilityPublic

TypeJS

CharsetUTF-8

Template used:

if (new URL("https://a.com$[chr]/b").host=="a.com"){0x0D
  var t=document.createElement("a");0x0D
  t.href="https://a.com$[chr]/b";0x0D
  if (t.host != "a.com")0x0D
  {0x0D
    log($[i]);0x0D
  }0x0D
}0x0D
if (new URL("https://$[chr]a.com/b").host=="a.com"){0x0D
  var t=document.createElement("a");0x0D
  t.href="https://$[chr]a.com/b";0x0D
  if (t.host != "a.com")0x0D
  {0x0D
    log($[i]);0x0D
  }0x0D
}

Distributed Fuzzing

Characters prepended to URL host. check if difference between URL and a tag

Fuzz results