This is an example of how the original CSS history hack found by Jeremiah Grossman can be modified to work without a single line of JavaScript and in Firefox can be used to force-navigate (again without JavaScript) to detect internal webservers behind a firewall. It uses the fact that properties within display: when combined with a:visited creates conditional logic. That condition will not fire certain things within the block. In this case I am including a nonexitant background image background: url(...); set in the CSS itself that is seemless to the user. The image actually points to a CGI script with the information about the URL that has been visited and is then logged along with the IP address of the user for later retrieval.

This is a touch slow, as you might expect, because it's having to wait for HTTP timeouts. It's also noisy in the case of basic/digest/NTLM authentication and will cause a popup in that case. This should be mitigated by the SafeHistory plugin in Firefox or by turning off history in Firefox but turning off JavaScript has no effect on the technique in the browser tested (Firefox 3.5.7). This did not work in Opera 9.02 or IE8.0 when tested (it doesn't work in IE8.0 probably because IE8.0 requires the dom to be the parent before it considers it visited).

- By RSnake