Attack Principle

XS-Search

October 1, 2020
Category: Attack, Attack Principle
Defenses: Fetch Metadata, SameSite Cookies

Cross-site search (XS-Search) is an important attack and principle in the family of XS-Leaks. The attack abuses Query-Based Search Systems to leak user information from an attacker origin [1][2]. The original attack used timing measurements to detect whether a search system returned results, and works as follows: Establish a baseline time for a request returning results (hit) and a baseline for a request with no results (miss). ...
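One way to apply the Fetch Metadata defense listed for this attack to a search endpoint, as an added example that is not code from the original page. The `/search` path, the `STRICT_PATHS` set, the function names and the choice to reject even cross-site navigations to the search path are assumptions made for illustration.

```javascript
// Added example: Fetch Metadata isolation policy protecting a search endpoint.
// Assumption: "/search" is the query-based search path; adjust for a real app.
const STRICT_PATHS = new Set(["/search"]);

// method: HTTP method; url: request target such as "/search?q=term";
// headers: object with lower-cased names (as Node's http module provides).
function allowRequest(method, url, headers) {
  const path = new URL(url, "http://placeholder.invalid").pathname;
  const site = headers["sec-fetch-site"];

  // Browsers without Fetch Metadata send no header: let the request through
  // and rely on the other defenses (for example SameSite cookies).
  if (site === undefined) return true;

  // Same-origin, same-site and user-initiated requests (address bar, bookmark).
  if (site === "same-origin" || site === "same-site" || site === "none") return true;

  // Everything below is cross-site. A hit and a miss can only be told apart
  // if the search actually runs, so the strict paths reject all of it.
  if (STRICT_PATHS.has(path)) return false;

  // Other pages keep inbound links working: plain top-level GET navigations only.
  const mode = headers["sec-fetch-mode"];
  const dest = headers["sec-fetch-dest"];
  return method === "GET" && mode === "navigate" && dest !== "object" && dest !== "embed";
}

// Constructed sample requests (not captured traffic).
const SAMPLE_REQUESTS = [
  ["GET", "/search?q=a", { "sec-fetch-site": "cross-site", "sec-fetch-mode": "no-cors", "sec-fetch-dest": "image" }],
  ["GET", "/search?q=a", { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document" }],
  ["GET", "/search?q=a", { "sec-fetch-site": "same-origin", "sec-fetch-mode": "cors", "sec-fetch-dest": "empty" }],
  ["GET", "/about", { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document" }],
  ["POST", "/about", { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document" }],
  ["GET", "/search?q=a", {}],
];

// Returns one allow/deny decision per sample, in order.
function evaluateSamples() {
  return SAMPLE_REQUESTS.map(([method, url, headers]) => allowRequest(method, url, headers));
}

console.log(evaluateSamples());
```

A server would call `allowRequest` before running the query and answer rejected requests with an error status that does not depend on the search term.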