Client Fingerprinting via Analysis of Browser Scripting Environment
exploit it. Incorrect identification can result in a failed exploit that can crash a browser or even the operating system, potentially resulting in the lost data. By correctly identifying a client, exploits can be more carefully selected to reduce the likelihood of collateral damage and increase the likelihood of a successfully compromising a client and possibly successfully manipulating the client to perform the desired actions of the web application penetration tester.
Alcorn, W. (2010, February 25). BindShell.Net: browser exploitation framework. Retrieved from http://www.bindshell.net/tools/beef/ Aleksandersen, D. (2010, August 25). Bug fixing wednesday on a unified build number. Retrieved from http://my.opera.com/desktopteam/blog/b9034 Apple Computer, Inc. (2010, June 21). Safari user guide for developers: prototyping your website. Retrieved from http://developer.apple.com/safari/library/documentation/appleapplications/concep tual/safari_developer_guide/PrototypingYourWebsite/PrototypingYourWebsite.ht ml European Computer Manufacturers Association. (1999, December) Standard ECMA-262: ECMAScript language specification, 3rd Edition. Retrieved from http://www.ecma-international.org/publications/files/ECMA-ST-ARCH/ECMA- 262,%203rd%20edition,%20December%201999.pdf European Computer Manufacturers Association. (2009, December) Standard ECMA-262: ECMAScript language specification, 5th Edition. Retrieved from http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf GlobalStats. (2010, August). StatsCounter: top 5 browsers from august 2009 through august 2010. Retrieved from http://gs.statcounter.com/ Google. (2008, December 30). Google Chrome: help forum: built-in user agent switcher? Retrieved from http://www.google.com/support/forum/p/Chrome/thread?tid=64e4e45037f55919 &hl=en