How to Detect a Client’s Browser
Senior Seminar CS498
Conrad Kennington

Kount
• Stops e-commerce fraud
• Passively identifies devices

Your device automatically sends information about itself

Why?
[image] = mobile site
[image] = desktop site
en-US = English site
ja-JA = Japanese site

What information?

What they know
• Device location (~30 miles)
• Business type
• If you’re a return visitor
• When you last visited
If they care:
• Browser version
• Browser plugins installed
  • Plugins can gather additional system information
• Operating system version
• Local timezone
• Language settings
• Limited device specs
  • Resolution
  • Screen size

What they don’t know
• Name
• Age
• Gender
• Weight
• Address
• Profession
• Phone
• Credit card number
• Major
• Salary
• Social Security Number
• Medical history
• Facebook relationship status
• Mother’s maiden name
• Licensed watercraft
• Outstanding parking tickets
• Favorite ice-cream
• Overdue library books
• Grades
• Favorite bands
• High school sweethearts
• Eye color
• Nicknames
• Netflix recently watched
• Email addresses
• Tax returns
• Candy Crush score
• Batting average
• Attendance records
• Instant messages
• Pirated music/movies
• Magazine subscriptions
• Purchase history
• World of Warcraft achievements
• Books read
• Adderall dosage
• MySpace Top 10
• Travel schedule
• Birthday
• Voting records
• Tattoos
• Fingerprints
• Drivers license number
• License plate
• Dental records
• Guns owned
• Magic the Gathering decks
• Costco membership status
• Unredeemed rewards points
• Average commute time
• Hobbies
• Mile run
• Favorite restaurants
• Merit badges
• Religion
• Pets
• Mood
• Amazon wish list
• Marital status
• 401k balance
• Therapist
• Phone logs

Pretty much nothing about your person

Location

71.33.*.*
This means Boise, Idaho
For now.

82.148.97.69
This means Qatar
The whole country.

Mask my IP, mask my location?
Not exactly.
Timezone, language, etc

Browser

HTTP Request Headers
Request method: GET
Request URI: /
Request protocol: HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept charset:
Accept encoding: gzip,deflate,sdch
Accept language: en-US,en;q=0.8
Connection: keep-alive
Host: myhttp.info
Referer: https://www.google.com/
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1801.3 Safari/537.36

Parsing a user agent string sucks
Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/19.0
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1
Googlebot/2.1 (+http://www.google.com/bot.html)
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; Media Center PC 6.0)
Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
None of your business.
Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2)
Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.
Opera/9.80 (Android; Opera Mini/7.5.33361/31.1350; U; en) Presto/2.8.119 Version/11.10
'; DELETE FROM user_agents;
Mozilla/5.0 (PLAYSTATION 3; 2.00)
Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+
Mozilla/5.0 (Linux armv6l; Maemo; Opera Mobi/8; U; en-GB; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00
Mozilla/5.0 (X11; U; Linux i686; ru; rv:33.2.3.12) Gecko/20120201 SeaMonkey/8.2.8
Mozilla/5.0 (X11; U; OpenBSD arm; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Safari/531.2+ Epiphany/2.30.0
Mozilla/5.0 (compatible; Konqueror/4.3; Linux) KHTML/4.3.1 (like Gecko) Fedora/4.3.1-3.fc11
Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))
Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Mozilla/5.0 ( ; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

HTTP Header Order

Chrome 34 on a Macbook
Host: pgl.yoyo.org
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1801.3 Safari/537.36
Referer: https://www.google.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

Firefox 5 on a Macbook
Host: pgl.yoyo.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Safari 7 on a Macbook
Host: pgl.yoyo.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11

JavaScript

Good at detecting browser features and capabilities.
• Support multiple backgrounds?
• HTML5 canvas?
• Border radius?
• Box shadow?
• Available events?
• CSS properties recognized?
• CSS animations?
• DOM prefixes available?

SSL Ciphers

Client Handshake Packet

Chrome 34 on a Macbook
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-RC4128-SHA
ECDHE-RSA-RC4128-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
DHE-RSA-AES256-SHA
RSA-AES128-GCM-SHA256
RSA-AES128-SHA
RSA-AES256-SHA
RSA-3DES-EDE-SHA
RSA-RC4128-SHA
RSA-RC4128-MD5

curl 7.30 on a Macbook
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-RC4128-SHA
ECDHE-ECDSA-3DES-EDE-SHA
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-RC4128-SHA
ECDHE-RSA-3DES-EDE-SHA
ECDH-ECDSA-AES256-SHA384
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES256-SHA384
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES256-SHA
ECDH-ECDSA-AES128-SHA
ECDH-ECDSA-RC4128-SHA
ECDH-ECDSA-3DES-EDE-SHA
ECDH-RSA-AES256-SHA
ECDH-RSA-AES128-SHA
ECDH-RSA-RC4128-SHA
ECDH-RSA-3DES-EDE-SHA
DH-RSA-MISTY1-SHA
DH-DSS-MISTY1-SHA
RSA-AES128-SHA
RSA-RC4128-SHA
RSA-RC4128-MD5
RSA-AES256-SHA
RSA-3DES-EDE-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
DHE-RSA-3DES-EDE-SHA
PSK-AES256-SHA
PSK-AES128-SHA
PSK-RC4128-SHA

Firefox 5 on a Macbook
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
RSA-CAMELLIA256-SHA
RSA-AES256-SHA
ECDHE-ECDSA-RC4128-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-RC4128-SHA
ECDHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
ECDH-RSA-RC4128-SHA
ECDH-RSA-AES128-SHA
ECDH-ECDSA-RC4128-SHA
ECDH-ECDSA-AES128-SHA
RSA-SEED-SHA
RSA-CAMELLIA128-SHA
RSA-RC4128-SHA
RSA-RC4128-MD5
RSA-AES128-SHA
ECDHE-ECDSA-3DES-EDE-SHA
ECDHE-RSA-3DES-EDE-SHA
DHE-RSA-3DES-EDE-SHA
DHE-DSS-3DES-EDE-SHA
ECDH-RSA-3DES-EDE-SHA
ECDH-ECDSA-3DES-EDE-SHA
RSA-FIPS-3DES-EDE-SHA
RSA-3DES-EDE-SHA

So…

What they know: How they know it
• Device location: IP address, HTTP headers
• If you’re a return visitor: Cookie
• When you last visited: Cookie
• Browser version: HTTP headers, ciphers, JS
• Browser plugins installed: HTTP headers
• Plugins can gather additional system information: Depends on the plugin
• Operating system version: HTTP headers, ciphers
• Local timezone: JavaScript
• Language settings: HTTP headers
• Limited device specs: JavaScript
• Resolution: JavaScript
• Screen size: JavaScript
• Color depth: JavaScript

Questions
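
The comparison behind the "HTTP Header Order" slides, as an added example that is not part of the original presentation: it checks whether the browser family a User-Agent claims agrees with the order in which the headers arrived. The function names, the min_common threshold and the SPOOFED request are assumptions made for illustration; the header orders and User-Agent strings are the ones shown on the slides.

```python
import re

# Relative header order from the three sample requests on the slides. Referer is
# left out because it is only sent when there is a referring page.
PROFILES = {
    "chrome": "host connection accept user-agent accept-encoding accept-language".split(),
    "firefox": "host user-agent accept accept-language accept-encoding connection".split(),
    "safari": "host accept accept-language connection accept-encoding user-agent".split(),
}
# User-Agent markers; Chrome comes first because its string also has "Safari/".
UA_MARKERS = [("chrome", r"\bChrome/\d"), ("firefox", r"\bFirefox/\d"),
              ("safari", r"\bVersion/\d.*\bSafari/\d")]

def parse_request(raw):
    """Return (header names in wire order, User-Agent value) of a raw request."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop request line, body
    pairs = [(n.strip().lower(), v.strip())
             for n, _, v in (line.partition(":") for line in head)]
    names = list(dict.fromkeys(n for n, _ in pairs))      # dedupe, keep order
    return names, dict(pairs).get("user-agent", "")

def claimed_family(ua):
    """Family the client-controlled User-Agent claims; pattern-matched only."""
    return next((fam for fam, pat in UA_MARKERS if re.search(pat, ua)), None)

def observed_family(names, min_common=4):
    """Family whose profile matches the relative order of the headers sent."""
    for family, profile in PROFILES.items():
        sent = [n for n in names if n in profile]
        expected = [n for n in profile if n in sent]
        if len(sent) >= min_common and sent == expected:
            return family
    return None

def check_request(raw):
    """Compare what the User-Agent claims with what the header order suggests."""
    names, ua = parse_request(raw)
    claimed, observed = claimed_family(ua), observed_family(names)
    mismatch = None not in (claimed, observed) and claimed != observed
    return {"claimed": claimed, "observed": observed, "mismatch": mismatch}

# Constructed sample: the slides' Chrome User-Agent sent in the Firefox order.
SPOOFED = "\r\n".join([
    "GET / HTTP/1.1", "Host: pgl.yoyo.org",
    "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36"
    " (KHTML, like Gecko) Chrome/34.0.1801.3 Safari/537.36",
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language: en-US,en;q=0.5", "Accept-Encoding: gzip, deflate",
    "Connection: keep-alive", "", ""])
```

The profiles cover only the three requests shown on the slides, and header order changes between browser versions, so a mismatch is a signal to weigh alongside the cipher list and JavaScript checks rather than proof on its own.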