Thomas Stacey
@t0xodile.com
Penetration tester trying to perform novel research. You can find all of my write-ups and research at https://thomas.stacey.se.
I would so love to share! Or in fact, I 100% will 😅 but not for a while... Just in case it works on more things!
November 18, 2025 at 7:27 AM
I would so love to share! Or in fact, I 100% will 😅 but not for a while... Just in case it works on more things!
Perhaps unsurprisingly (?) this works amazingly on tunnelled responses where subtle differences can be the difference between a new lead and giving up. 🔥
November 13, 2025 at 10:28 AM
Perhaps unsurprisingly (?) this works amazingly on tunnelled responses where subtle differences can be the difference between a new lead and giving up. 🔥
Issue solved by a friend using some client-side magic I won't even pretend I can explain! I've never seen / read about the overall technique before, hoping it's novel as hell 🤞
October 2, 2025 at 9:14 AM
Issue solved by a friend using some client-side magic I won't even pretend I can explain! I've never seen / read about the overall technique before, hoping it's novel as hell 🤞
Oh hang on. Maybe location changes no longer end up in the "credentials" connection pool at all?
October 2, 2025 at 8:36 AM
Oh hang on. Maybe location changes no longer end up in the "credentials" connection pool at all?
Yeah that was my first thought also on a re-read. But it's even weirder than that... specifically cross-domain fetch().then(location=) seemingly refuses to reuse the connection. fetch().then(fetch()) is completely fine (with "no-cors" and creds). But I need to render the content to make this work 😅
October 2, 2025 at 8:31 AM
Yeah that was my first thought also on a re-read. But it's even weirder than that... specifically cross-domain fetch().then(location=) seemingly refuses to reuse the connection. fetch().then(fetch()) is completely fine (with "no-cors" and creds). But I need to render the content to make this work 😅