Client Fingerprinting via Analysis of Browser Scripting Environment
During a Web Application Penetration Test, it is important to test the security of the clients that are interacting with the application. Although not all Web Application Penetration Testing engagements include this activity, when it is performed it is essential to properly identify the client that is being exploited. Beyond simply identifying the browser, it is also important to identify the operating system (O/S) before attempting to manipulate or exploit the client. An accurate assessment of the characteristics of the client allows for the execution of optimized scripts and/or executing a few exploits instead of executing all of the available exploits and hoping the client does not notice or crash.
Browser fingerprinting techniques commonly use the User Agent string to determine the client that is interacting with a web site, but all of the major browsers offer various methods for changing this variable. Some browsers allow the User Agent to be configured via the registry or via a configuration option while some browsers have plug- ins which allows a large number of environment variables to be manipulated. The User Agent string is only one of a large number of environment objects and methods which can be used to determine the type of browser.