Jeremiah and I were talking about more potential uses for the XST stuff he came up with. Although it’s not particularly useful for the original purpose he came up with it for (due to the fact that it is using Java and Java doesn’t send the cookies necessary for real credential theft) it does have one other interesting potential use. Because it connects out of bounds of the client (and pretty much ignores the client in general) it’s a pretty slick way to de-anonymize users.

Although it doesn’t use the browser’s normal credentials it does bypass proxies pretty nicely. So unless the client is set up to send all TCP packets through another host, this would do a nice job of allowing the website to know the real address of the user. I will say, however, that due to it’s buggy nature and the fact it basically causes my browser to hang, it may not be optimal, but rarely things are with these sorts of hacks. Interesting anyway!