X hits on this document





17 / 40

Client Fingerprinting via Analysis of Browser Scripting Environment


extension), and a file which contains all of the different variants organized by value (given a .map extension).

5. Results

By analyzing the output of the analysis scripts, a number of fingerprints have been identified which allow the identification of various browsers, even despite some basic attempts at changing the browser’s identity. Some browsers can only be identified by their families, while others provide enough information to uniquely identify the browser, the browser’s version, the O/S, the O/S’s version and the processor architecture.

5.1. Microsoft Internet Explorer

navigator.userAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) navigator.appName: Microsoft Internet Explorer navigator.appCodeName: Mozilla navigator.appVersion: 4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) navigator.appMinorVersion: 0 navigator.browserLanguage: en-us navigator.cpuClass: x86 navigator.systemLanguage: en-us navigator.language: undefined navigator.buildID: undefined navigator.oscpu: undefined navigator.platform: Win32 navigator.product: undefined navigator.productSub: undefined navigator.userLanguage: en-us navigator.userProfile: undefined navigator.vendor: undefined navigator.vendorSub: undefined custom.scripting: Javascript/1.3 JScript/5.8 JScript/16385 VBScript/5.8 VBScript/16385 custom.property: d.all d.childNodes d.compatMode d.documentMode

  • d.

    getElementById !d.getElementsByClassName !n.savePreferences

  • w.

    XMLHttpRequest !w.globalStorage w.postMessage Figure 5.1-1: Internet Explorer 8.0 on Windows 7 Ultimate, x86 Processor Microsoft Internet Explorer contains a number of features that allows it to be

uniquely distinguished from other browsers. By searching for either ‘MSIE’ or ‘Trident/’ in the navigator.userAgent property Internet Explorer can be identified. The ‘Trident/’ token is only present in Internet Explorer 7 or higher. Unlike all of the other browsers

Mark Fioravanti, mark.fioravanti.ii@gmail.com

Document info
Document views151
Page views151
Page last viewedSun Jan 22 14:44:26 UTC 2017