The majority of current anonymous systems focus on improving anonymity at the network and website level in order to defend against traffic analysis attacks. However, the vulnerability of the connections between end users and the anonymous network do not attract any attention yet. For the first time, we reveal an end user browsing dynamics based attack on anonymous browsing systems at the LAN where the victim locates. This new attack method is fundamentally different from existing attack methodologies. In general, web surfers browse the web following certain patterns, such as requesting a web page, viewing it and requesting another page. The browsing pattern of a victim can be clearly observed by a local adversary when the victim is viewing the web without protection. Unfortunately, browsing dynamics releases rich information for attacking even though the web page content is encrypted. In order to show how a local eavesdropper can decipher which pages have been viewed with the knowledge of user browsing dynamics and the public information of a given website, we established a specific hidden Markov model to represent browsing dynamics for the website. By using this model, we can then identify the optimal of the accessed pages using the Viterbi algorithm. In order to confirm the effectiveness of the revealed attack method, we have conducted extensive experiments on a real data set. The results demonstrated that the attack accuracy can be more than 80. A few possible counter-attack strategies are discussed at the end of the paper. © 2011 The Author. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved.