Total Recall No Javascript

My friend Ronald has a excellent post where he uses XML to gather entities from the various extensions to check if they are installed. Awesome stuff! The problem though is that it requires Javascript to be successful. I wanted a way to check any extension even if they had Javascript disabled or noscript installed. The following POC detects noscript even when you have a site as untrusted.

Check the POC here (detects just noscript at the moment):-
Total Recall noscript


kuza55 (Alex) also did a great POC with CSS:-
CSS extension detect

4 Responses to “Total Recall No Javascript”

  1. kuza55 writes:

    The link to the source doesn’t seem to be working atm…

    I’m not sure if it’s working or not since when I disable NoScript, it still detects it, even though the referenced entity is no longer valid, and when i tried the detection code locally the meta refresh fires even when the extension is disabled :S

    I hope this is just on my end, since some extensions don’t have css files, though I’m not sure how many extensions have dtd files but no css files….

    Here’s to hoping for more non-JS based recon 🙂

  2. Gareth Heyes writes:

    Oooops sorry the source should work now

  3. tenest writes:

    I dont think its working properly. It states that the only extension I have installed is noscript, but in this FF instance, I do not have noscript installed. false positive.

  4. Gareth Heyes writes:


    I did test this successfully maybe a slight bug in the code somewhere I’ll double check this