Well the old trick still works but I just wasn’t satisfied with that. I really like to break Privoxy for some reason. I have nothing against it, it just seems like a kludge to me. A Kludge that needs to be broken. So I decided to come up with another way to do the exact same thing, only in a trickier way. This time I used a technique stolen right out of Jeremiah’s handbook. I used CSS and JavaScript to detect if an embedded CSS file works or not.

Click here with Privoxy and JavaScript turned on to have it detect you. That’s right, I noticed that Privoxy had it’s own custom style sheet. It embeds it whenever it gives you an error message (which is relatively often). That style sheet overwrites a particular class called “warning”. So I created an EM tag with a warning class, and then wrote a little peice of JavaScript stolen almost word for word from Jeremiah’s CSS history hack and poof.

You can now (again) detect if users are using Privoxy, which might tell you something about them, or may cause you to take different actions based on that fact. Privoxy isn’t so private after all.

This entry was posted on Wednesday, December 20th, 2006 at 1:06 pm and is filed under Webappsec, Random Security. You can leave a response as well.