Cross-site search (XS-Search) is an important attack principle in the family of XS-Leaks. This type of attack abuses Query-Based Search Systems to leak user information from an attacker origin 12. The original attack uses timing measurements to detect whether or not a search system returns results and works as follows: Establish a baseline of the time needed for a request to return results (hit), and a baseline for the time needed by a request with no results (miss). Start a timing attack on ...
