Client Fingerprinting via Analysis of Browser Scripting Environment
Software’s Opera browser (Lee, 2009). Browser Autopwn can be and has been expanded as a result of this fingerprinting project to make use of the Google Chrome and Mozilla Firefox identification techniques previously described.
As a result of the collection and analysis of a number of different browsers and O/Ss, it was determined that a browser and/or operating system could fairly easily be identified by using the scripting techniques described in this paper.
Determining the version of the browser can be difficult, as it is usually possible to overwrite the information providing specific details about the browser. In the case of Microsoft Internet Explorer, Mozilla Firefox, and ASA Software’s Opera browser, sufficient information is usually available to determine the specific browser version being used, even if a level of masquerading is being performed. A combination of the major, minor and build versions of the script engine allows the version of Internet Explorer to be identified. Mozilla Firefox versions can be determined by the navigator.buildID, while ASA Software’s Opera browser can be identified by either the opera.buildNumber() or opera.version() functions.
Determining the O/S that the browser is operating within can be a little more difficult, but it is usually possible to at least determine the O/S family that is hosting the browser. Some browsers only operate within specific environments, such as Microsoft Internet Explorer, Apple’s Safari Browser or KDE’s Konqueror. All of the browsers provided enough information to determine the O/S, while others provided enough information to determine the O/S family. ASA Software’s Opera browser provides the opera.buildNumber() function, by which the O/S family can be determined. Some exposed more information, which allowed specific O/S variants and distributions, or even specific processor architectures, to be identified. At a minimum, Mozilla Firefox allows the O/S family to be identified, while in most cases the navigator.buildID allows the O/S, O/S distribution and even the processor architecture to be determined.
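The consistency check implied by the two paragraphs above can be written as a short script that compares what a client claims in its User-Agent string with what its scripting environment exposes, which is how a defender would flag a masquerading client. This is an added example, not code from the paper; the function names, the sample environments and their values are constructed, and ScriptEngineMajorVersion(), ScriptEngineMinorVersion() and ScriptEngineBuildVersion() are assumed to be the script engine versions the text refers to.

```javascript
// Added example: constructed inputs, not data from the paper.
// ScriptEngine*Version are JScript built-ins (assumed to be the "script
// engine" versions the text refers to); other names come from the text.
const isFn = (f) => typeof f === "function";

function engineEvidence(env) {
  const nav = env.navigator || {};
  if (env.opera && isFn(env.opera.version)) {
    return { family: "Opera", version: String(env.opera.version()),
             build: isFn(env.opera.buildNumber) ? String(env.opera.buildNumber()) : null };
  }
  if (["Major", "Minor", "Build"].every((p) => isFn(env["ScriptEngine" + p + "Version"]))) {
    const build = ["Major", "Minor", "Build"]
      .map((p) => env["ScriptEngine" + p + "Version"]()).join(".");
    return { family: "Internet Explorer", version: null, build };
  }
  // Gecko build IDs are timestamp-like digit strings.
  if (typeof nav.buildID === "string" && /^\d{10,14}$/.test(nav.buildID)) {
    return { family: "Firefox", version: null, build: nav.buildID };
  }
  return { family: null, version: null, build: null };
}

// What the client says it is; Opera is tested first because its
// masquerading User-Agent strings can also contain an MSIE token.
function claimedFamily(ua) {
  if (/\bOpera\b/.test(ua)) return "Opera";
  if (/\bMSIE \d/.test(ua)) return "Internet Explorer";
  if (/\bFirefox\/\d/.test(ua)) return "Firefox";
  return null;
}

function checkClient(env) {
  const evidence = engineEvidence(env);
  const claimed = claimedFamily((env.navigator || {}).userAgent || "");
  return { claimed, evidence,
           masquerading: evidence.family !== null && claimed !== evidence.family };
}

// Constructed sample environments (values are illustrative only).
const samples = {
  honestFirefox: { navigator: { userAgent: "Mozilla/5.0 (X11; Linux i686; rv:1.9.2) Gecko/20100101 Firefox/3.6", buildID: "20100101000000" } },
  operaAsIE: { navigator: { userAgent: "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)" },
               opera: { version: () => "10.10", buildNumber: () => "0000" } },
  ieAsFirefox: { navigator: { userAgent: "Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/20100101 Firefox/3.6" },
                 ScriptEngineMajorVersion: () => 5, ScriptEngineMinorVersion: () => 8, ScriptEngineBuildVersion: () => 12345 },
};
for (const [name, env] of Object.entries(samples)) console.log(name, JSON.stringify(checkClient(env)));
```

Mapping a reported build value to a named browser release or O/S still needs a lookup table of known builds, which this example does not include.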
During a Web Application Penetration test which includes client side testing, it is important to correctly identify the browser and O/S of the client before attempting to