Client Fingerprinting via Analysis of Browser Scripting Environment


1. Introduction

During a Web Application Penetration Test, it is important to test the security of the clients that are interacting with the application. Although not all Web Application Penetration Testing engagements include this activity, when it is performed it is essential to properly identify the client that is being exploited. Beyond simply identifying the browser, it is also important to identify the operating system (O/S) before attempting to manipulate or exploit the client. An accurate assessment of the client's characteristics allows optimized scripts to be executed and/or a few exploits to be run, instead of running all of the available exploits and hoping the client does not notice or crash.

There are a few websites and projects which attempt to document the functionality and behaviors of the various browsers. W3schools (w3schools.com) provides an online tutorial for learning to write JavaScript code, and it provides information on when specific JavaScript functions were implemented in each of the major browsers. The Browser Security Handbook (Zalewski, 2009) defines a number of test cases which can be used to identify specific families of browsers, such as determining whether the browser is Microsoft Internet Explorer or Mozilla Firefox, but not to distinguish between Firefox 3.6.4 and 3.6.8. Another project is the docType project (Google), which attempts to enumerate the various objects and properties available within each of the browsers. A significant amount of information is available, but it is similar to the Browser Security Handbook in that it only allows families of browsers to be identified.

Browser fingerprinting techniques commonly use the User Agent string to determine the client that is interacting with a web site, but all of the major browsers offer various methods for changing this variable. Some browsers allow the User Agent to be configured via the registry or via a configuration option, while some browsers have plug-ins which allow a large number of environment variables to be manipulated. The User Agent string is only one of a large number of environment objects and methods which can be used to determine the type of browser.
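The point above can be shown as a consistency check between what the User Agent claims and what the scripting environment exposes. This is an added example, not code from the paper; the function names, the small marker list and the sample environments are assumptions made for illustration.

```javascript
// Added example; function names and the marker list are illustrative.
// Family claimed by the user-controllable User Agent string.
function familyFromUserAgent(ua) {
  if (/Opera/.test(ua)) return 'opera';
  if (/MSIE |Trident\//.test(ua)) return 'ie';
  if (/Firefox\//.test(ua)) return 'firefox';
  if (/Chrome\//.test(ua)) return 'chrome';
  if (/Safari\//.test(ua)) return 'safari';
  return 'unknown';
}

// Family implied by objects the scripting environment actually exposes.
function familyFromEnvironment(win) {
  const doc = win.document || {};
  const nav = win.navigator || {};
  const style = (doc.documentElement && doc.documentElement.style) || {};
  if (typeof win.opera !== 'undefined') return 'opera';     // Presto-era Opera
  if (typeof doc.documentMode !== 'undefined') return 'ie'; // Trident only
  if ('MozAppearance' in style) return 'firefox';           // Gecko CSS property
  if (typeof win.chrome !== 'undefined') return 'chrome';   // Chromium family
  if (nav.vendor === 'Apple Computer, Inc.') return 'safari';
  return 'unknown';
}

// Compare the claim with the observation; in a browser, pass `window`.
function checkClient(win) {
  const ua = (win.navigator && win.navigator.userAgent) || '';
  const claimed = familyFromUserAgent(ua);
  const observed = familyFromEnvironment(win);
  const mismatch = observed !== 'unknown' && claimed !== observed;
  return { claimed, observed, mismatch };
}

// Constructed sample environments (not captured from real clients).
const GECKO_DOC = { documentElement: { style: { MozAppearance: '' } } };
const HONEST = {
  navigator: { userAgent: 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8', vendor: '' },
  document: GECKO_DOC,
};
const ALTERED = {
  navigator: { userAgent: 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)', vendor: '' },
  document: GECKO_DOC,
};

console.log(checkClient(HONEST));
console.log(checkClient(ALTERED));
```

Like the resources described above, these markers identify only a browser family; they do not separate minor versions such as Firefox 3.6.4 and 3.6.8.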

Mark Fioravanti, mark.fioravanti.ii@gmail.com
