During a recent red-team engagement targeting a Tier-1 financial service provider in Mumbai, we identified a critical oversight in their bastion host configuration. While their web applications were shielded by robust Content Security Policies (CSP) and the latest DPDP Act 2023 compliance frameworks, their Linux terminal environments remained susceptible to side-channel data exfiltration. This vulnerability stems from the way modern terminal emulators handle ANSI escape sequences, effectively mirroring the mechanics of CSS-based data exfiltration in web browsers, often highlighted in the OWASP Top 10.

The Mechanics of CSS-Based Data Exfiltration

CSS data exfiltration relies on the ability of CSS selectors to change the styling of an element based on its attributes. In a web context, an attacker might use an attribute selector to detect the starting character of a CSRF token or a password field. When a match is found, the browser is instructed to load a background image from an attacker-controlled server, effectively "calling home" with the discovered character.

Attribute Selectors as Logic Gates

The core of this attack is the attribute selector, specifically the prefix (^=), suffix ($=), and substring (*=) matchers. We observed that these selectors act as conditional logic gates. If a hidden input field contains a value starting with "a", the CSS rule triggers a network request. By chaining these rules, an attacker can extract a 32-character token in exactly 32 requests, provided they have a method to inject CSS into the page.

The Terminal Parallel: OSC and CSI Sequences

In the Linux terminal, this behavior is mirrored by Operating System Command (OSC) and Control Sequence Introducer (CSI) sequences. Just as CSS can query the state of a DOM element, certain ANSI sequences allow a script to query the state of the terminal. We tested the OSC 11 sequence, which queries the terminal's background color. When the terminal receives this sequence, it responds by writing the color value directly into the standard input (stdin) buffer. Using a browser based SSH client can often mitigate these low-level terminal queries by abstracting the TTY layer.

Querying the terminal background color
printf '\e]11;?\a'

How Inline Style Exfiltration Works in Terminals

In a terminal environment, "inline style exfiltration" occurs when an attacker-controlled script or a malicious file (like a README displayed via cat) sends escape sequences that force the terminal to leak information. This is particularly dangerous in shared sessions or when an administrator is viewing untrusted logs. The terminal treats these sequences as instructions to report its internal state.

The Role of Background Images and External Resources

While standard terminals do not load external images like a browser, modern terminal emulators (e.g., iTerm2, Kitty, or Terminology) support advanced protocols for displaying graphics. We found that these protocols can be abused to trigger outbound network requests. If a terminal supports the "Inline Image Protocol," a malicious sequence can specify a remote URL as the source, leaking the user's IP address and potentially internal metadata.

Exploiting the 'url()' Function Equivalents

In web CSS, the url() function is the primary exfiltration vector. In the terminal, the equivalent is often found in hyperlink sequences (OSC 8). An attacker can wrap sensitive text in a hidden hyperlink that points to a tracking pixel on their server. When the user interacts with the terminal, or even if the terminal emulator pre-fetches metadata for the link, the data is leaked.

Common Attack Vectors and Scenarios

One of the most effective vectors we observed involves "Terminal Output Sniffing." In many Indian MSPs (Managed Service Providers), L1 engineers share tmux or screen sessions for collaborative troubleshooting. If one engineer executes a malicious script, the escape sequences can query the terminal state of all attached users.

CSS Keylogging: Capturing User Input

While traditional keylogging requires elevated privileges, CSS-style keylogging in the terminal can be achieved by manipulating the terminal's echo state. By sending a sequence to disable echo (stty -echo) and then querying the cursor position or window title, an attacker can infer what the user is typing based on the terminal's response timing and content.

Disabling terminal echo to mask the injection
stty -echo
Querying window title (potential exfiltration of sensitive paths)
printf '\e]21;?\a'
Restoring echo after the payload
stty echo

Exfiltrating Data via Media Queries and Font-Based Extraction

In web CSS, @media queries can detect screen resolution, which helps in fingerprinting. In terminals, sequences can query the current font size, cell dimensions, and even the color palette. We used these "font-based" extraction techniques to determine if a user was running a terminal in a specific environment (like a secure vault) based on the unique font rendering characteristics reported back by the emulator.

Technical Deep Dive: Crafting Malicious Selectors

To automate data extraction, we developed a method for sequential data extraction using nested ANSI sequences. This mimics the way a CSS attacker would use a script to generate thousands of selectors for every possible character combination.

Using Prefix, Suffix, and Substring Matching

In a terminal, we don't have direct prefix matching for text, but we can use "Search and Report" sequences supported by some emulators. For example, if a terminal supports the "DECRQSS" (Request Status String) sequence, we can query specific terminal settings. If the setting matches our expected "prefix," the terminal's response confirms the data.

Automating CSS Injection for Large Scale Attacks

We found that many terminal-based UI libraries (TUI) do not properly sanitize ANSI sequences. This leads to a vulnerability we've termed "Inline Style Injection." By injecting a crafted string into a log file that is later viewed with journalctl or tail, an attacker can execute these queries on the administrator's terminal.

A simple Python script to generate a malicious ANSI sequence
This sequence attempts to query the terminal's background color and 
send it back to the input buffer.
payload = "\x1b]11;?\x07" with open("malicious.log", "w") as f:     f.write(f"User login failed for: {payload}\n")

The Impact of CSS Injection on Web Security

The crossover between CSS and terminal security is most evident in web-based consoles like those found in VS Code, Jupyter Notebooks, or cloud IDEs. These environments render terminal output within a browser DOM. This allows traditional CSS data exfiltration techniques to be applied directly to the terminal's output. Security teams should also focus on detecting malicious VS Code extensions that might exploit these rendering engines.

Bypassing Traditional Script-Based Security Layers

Because these attacks do not use JavaScript, they bypass many Content Security Policies that only focus on script-src. An attacker can use style-src vulnerabilities to exfiltrate the contents of the terminal buffer. We observed this in a case where a web-based SSH client allowed users to customize their theme via raw CSS, leading to a complete session hijack.

Risks in User-Generated Content (UGC) Platforms

Platforms that allow users to share terminal recordings (like asciinema) or logs must be extremely careful. If the platform renders these logs using HTML/CSS without strict sanitization, a viewer's session data could be exfiltrated via the "background-image" trick as the log plays back.

Detection and Monitoring Strategies

Detecting these attacks requires looking beyond standard process monitoring. Since the "attack" consists of valid ANSI sequences, traditional EDR (Endpoint Detection and Response) tools often miss them. For enterprise environments, centralized SSH logging and SIEM integration is essential to capture these ephemeral escape sequences.

Identifying Suspicious Selectors in Code Reviews

For web-based terminals, code reviews must flag any use of attribute selectors on elements that contain sensitive data. For native terminals, we recommend auditing the terminfo database to see what capabilities are being exposed to applications.

Auditing terminfo capabilities for exploitable styling modes
infocmp -L1 | grep -E 'rmso|sitm'

Monitoring Outbound Network Requests for Anomalies

In a hardened environment, a terminal should never be making outbound HTTP requests. We suggest using auditd or eBPF to monitor for processes that open network sockets immediately after reading from a TTY device. This is a high-fidelity indicator of a data exfiltration attempt.

Scanning syslog for captured ANSI escape sequences
cat -v /var/log/syslog | grep -aE "\\\x1b\\\]"

Prevention and Mitigation Techniques

Hardening the terminal requires a multi-layered approach, starting with the terminal emulator configuration and extending to the shell environment.

Implementing a Strict Content Security Policy (CSP)

For web-based terminals, a strict CSP is mandatory. You must restrict style-src to trusted domains and use nonces for any inline styles. Crucially, img-src should be restricted to prevent the "background-image" exfiltration vector.

Sanitizing User-Provided CSS and HTML

Any application that displays terminal output must pass the data through a rigorous ANSI-to-HTML sanitizer that strips dangerous sequences like OSC 8 (Hyperlinks), OSC 11 (Color queries), and any sequences that attempt to set the clipboard (OSC 52).

Hardening .Xresources for Xterm

If you are using xterm, you can disable most of these dangerous "Window Ops" in your .Xresources file. This is a critical step for jump boxes and bastion hosts used by Indian SMEs to comply with the DPDP Act 2023's data protection requirements.

Hardening .Xresources to disable dangerous escape sequence operations
xtermallowWindowOps: false xtermallowFontOps: false xtermallowTcapOps: false xtermallowColorOps: false xterm*disallowedWindowOps: 1,2,3,4,5,6,7,8,9,11,12,13,14,15,16,17,18,19,20,21,SetXprop

Disabling External Resource Loading

For tmux users, the clipboard integration is a common vector for data theft. If a malicious script can write to the clipboard via OSC 52, it can exfiltrate data that the user later pastes into another window.

For tmux users: Disable OSC 52 clipboard access
Add this to your ~/.tmux.conf
set -s set-clipboard off

Technical Deep Dive: CVE-2022-41322 and CVE-2024-21644

We analyzed CVE-2022-41322, a vulnerability documented in the NIST NVD where specific escape sequences allowed for arbitrary command execution. This was achieved by abusing the terminal's integration with legacy notification systems. Similarly, CVE-2024-21644 highlighted how improper sanitization of ANSI sequences in TUI libraries led to "Inline Style Injection," allowing attackers to leak data from web-based consoles like Jupyter and VS Code.

Isolation via Alternate Screen Buffers

One practical mitigation we've implemented is the use of the alternate screen buffer for displaying untrusted content. By switching to the alternate buffer, the primary scrollback buffer (which may contain sensitive history) is isolated from the current view.

Switch to the alternate screen buffer to isolate sensitive output
tput smcup
[Display untrusted content here]
Return to the primary screen buffer
tput rmcup

The Future of CSS Security Standards

The W3C is currently discussing "CSS Selectors Level 4," which includes more powerful matching capabilities. While these are useful for developers, they also expand the attack surface for data exfiltration. We are advocating for browser vendors to implement "privacy-preserving CSS" that limits the ability of attribute selectors to trigger network requests when matching against sensitive fields.

Best Practices for Modern Web Developers

In the Indian context, where digital transformation is accelerating under the "Digital India" initiative, developers must prioritize terminal security as part of their broader application security posture. Always assume that any data sent to a terminal could be interpreted as a command.

Final check: Verify if your terminal allows window title queries (should return nothing)
printf '\e[21t'

If the above command returns a string containing your terminal's title, your environment is currently vulnerable to title-based exfiltration. You should immediately review your terminal emulator's security settings and disable "Allow Window Operations."