X hits on this document

94 views

0 shares

1 downloads

0 comments

9 / 40

Client Fingerprinting via Analysis of Browser Scripting Environment 8

  • Browser Objects and DOM Collection – multiple scripts are executed to test if individual browser objects (navigator and window) and/or DOM properties exist. If they exist, their values are recorded. When testing for specific objects, the object is first tested to see if it exists within the environment. If the object does not exist, a value of ‘undefined’ is returned for a value. If the object does exist, it is checked to see if it has a value assigned to it, if it does not ‘dne’ is returned (e.g. the value is an empty string so it does not exist), otherwise the value of the property is recorded.

  • Variable Consolidation – the results of the various script tests are consolidated into a single string for either display or submission.

  • Collection/Submission – the resulting string is displayed in a textarea so that can be inspected prior to submission.

When collecting some of the navigator properties it was noticed that some browsers would crash during the collection of some navigator properties. The HTML collection page was modified such that the document, navigator, and window properties were collected via individual scripts to prevent a single script error from preventing the collection of other information. The following HTML page was used to collect information about each browser.

<html><head><title>Collect</title> <script type="text/javascript"> <!--

var ver JS = 1.0; var env MJS = 'disabled'; var ver MJS = '0.0'; var bld MJS = -1; var typ MJS = 'none'; _ _ _ _

v _ a r e n v _ V B S = ' d i s a b l e d ' ; v a r v e r _ V B S = ' 0 . 0 typ_VBS = 'none';

'; var bld_VBS = -1; var

var __n //--> </script>

=

navigator;

var

__

d

=

document;

var

__

w = window;

<script <script <script <script <script <script <script <script

language="Javascript1.1">ver language="Javascript1.2">ver language="Javascript1.3">ver language="Javascript1.4">ver language="Javascript1.5">ver language="Javascript1.6">ver language="Javascript1.7">ver language="Javascript1.8">ver

_ _ _ _ _ _ _ _

JS JS JS JS JS JS JS JS

';if (strAnTest.trim)

{ver JS = '1.8.1'

= 1.1;</script> = 1.2;</script> = 1.3;</script> = 1.4;</script> = 1.5;</script> = 1.6;</script> = 1.7;</script> = 1.8;var strAnTest = ' ;}</script>

TXT

_

<script language="Javascript1.9">ver_JS = 1.9;</script> <script language="Javascript2.0">ver_JS = 2.0;</script> <script type="text/jscript" language="JScript">

Mark Fioravanti, mark.fioravanti.ii@gmail.com

Document info
Document views94
Page views94
Page last viewedSun Dec 04 04:07:59 UTC 2016
Pages40
Paragraphs975
Words10494

Comments