Published by Baldwin Bell. Modified over 9 years ago.
1
How to Detect a Client’s Browser
Senior Seminar CS498
2
Conrad Kennington
4
Kount
5
Stops e-commerce fraud
Passively identifies devices
6
Your device automatically sends information about itself
7
Why?
14
= mobile site
= desktop site
en-US = English site
ja-JA = Japanese site
17
What information?
18
What they know
Device location (~30 miles)
Business type
If you’re a return visitor
When you last visited
If they care:
  Browser version
  Browser plugins installed
    Plugins can gather additional system information
  Operating system version
  Local timezone
  Language settings
  Limited device specs
    Resolution
    Screen size
    Color depth
19
What they don’t know
Name, Age, Gender, Weight, Address, Profession, Phone, Credit card number, Major, Salary, Social Security Number, Medical history, Facebook relationship status, Mother’s maiden name, Licensed watercraft, Outstanding parking tickets, Favorite ice-cream, Overdue library books, Credit score
20
Grades, Favorite bands, High school sweethearts, Eye color, Nicknames, Netflix recently watched, Email addresses, Tax returns, Candy Crush score, Batting average, Attendance records, Instant messages, Pirated music/movies, Magazine subscriptions, Purchase history, World of Warcraft achievements, Books read, Adderall dosage, MySpace Top 10, Travel schedule, Birthday, Voting records, Smart phone contact list, Student loan balance
21
Tattoos, Fingerprints, Drivers license number, License plate, Dental records, Guns owned, Magic the Gathering decks, Costco membership status, Unredeemed rewards points, Average commute time, Hobbies, Mile run, Favorite restaurants, Merit badges, Religion, Pets, Mood, Amazon wish list, Marital status, 401k balance, Therapist, Phone logs, YouTube comments, Number of children
22
Pretty much nothing about your person
24
Location
27
71.33.*.*
This means Boise, Idaho
For now.
31
82.148.97.69
This means Qatar
The whole country.
36
Mask my IP, mask my location?
Not exactly.
Timezone, language, etc.
37
Browser
38
HTTP Request Headers
Request method: GET
Request URI: /
Request protocol: HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept charset:
Accept encoding: gzip,deflate,sdch
Accept language: en-US,en;q=0.8
Connection: keep-alive
Host: myhttp.info
Referer: https://www.google.com/
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1801.3 Safari/537.36
39
Parsing a user agent string sucks
41
Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/19.0
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1
Googlebot/2.1 (+http://www.google.com/bot.html)
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0;.NET CLR 2.0.50727; Media Center PC 6.0)
Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
None of your business.
Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2)
Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
Opera/9.80 (Android; Opera Mini/7.5.33361/31.1350; U; en) Presto/2.8.119 Version/11.10
‘; DELETE FROM user_agents;
Mozilla/5.0 (PLAYSTATION 3; 2.00)
Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+
Mozilla/5.0 (Linux armv6l; Maemo; Opera Mobi/8; U; en-GB; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00
Mozilla/5.0 (X11; U; Linux i686; ru; rv:33.2.3.12) Gecko/20120201 SeaMonkey/8.2.8
Mozilla/5.0 (X11; U; OpenBSD arm; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Safari/531.2+ Epiphany/2.30.0
Mozilla/5.0 (compatible; Konqueror/4.3; Linux) KHTML/4.3.1 (like Gecko) Fedora/4.3.1-3.fc11
Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))
Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Mozilla/5.0 ( ; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Mozilla/5.0 (Windows; U; Windows NT 6.1) AppleWebKit/526.3 (KHTML, like Gecko) Chrome/14.0.564.21 Safari/526.3
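The list above shows why rule order and input handling both matter when a server reads this header. The following is an added example, not code from the presentation: a tolerant classifier whose rules are checked most-specific first, with every raw value stored through a bound parameter so that a string such as the DELETE entry stays inert data. The rule set, `MAX_UA_LEN` and the table columns are assumptions made for the example.

```python
import re
import sqlite3

# Order matters: Chrome UAs also say "Safari", Opera Mobile also says "Firefox",
# and MSIE and Googlebot both sit behind "Mozilla/5.0 (compatible; ...)".
RULES = [
    ("Googlebot", re.compile(r"Googlebot/([\d.]+)")),
    ("Opera", re.compile(r"Opera.*Version/([\d.]+)|Opera[ /]([\d.]+)")),
    ("MSIE", re.compile(r"MSIE ([\d.]+)")),
    ("Chrome", re.compile(r"Chrome/([\d.]+)")),
    ("Firefox", re.compile(r"Firefox/([\d.]+)")),
    ("Safari", re.compile(r"Version/([\d.]+).*Safari/")),
]
MAX_UA_LEN = 512  # assumption: longer values are truncated before matching

# Strings taken from the slide's list (the injection string's quote is ASCII here).
SAMPLES = [
    "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36",
    "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "Mozilla/5.0 (Linux armv6l; Maemo; Opera Mobi/8; U; en-GB; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00",
    "None of your business.",
    "'; DELETE FROM user_agents;",
]

def classify(ua):
    """Return (family, version), or ("unknown", None) when no rule matches."""
    text = (ua or "")[:MAX_UA_LEN]
    for family, pattern in RULES:
        m = pattern.search(text)
        if m:
            return family, next(g for g in m.groups() if g)
    return "unknown", None

def record(db, ua):
    """Store the raw header with its classification; the value is bound, never spliced."""
    family, version = classify(ua)
    db.execute("INSERT INTO user_agents (raw, family, version) VALUES (?, ?, ?)",
               (ua, family, version))
    return family, version

def demo():
    """Classify and store every sample; return the families and the stored row count."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_agents (raw TEXT, family TEXT, version TEXT)")
    families = [record(db, ua)[0] for ua in SAMPLES]
    stored = db.execute("SELECT COUNT(*) FROM user_agents").fetchone()[0]
    return families, stored
```

Strings that match no rule are kept as "unknown" rather than rejected, so the raw value remains available as a signal in its own right.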
42
HTTP Header Order

Chrome 34 on a Macbook
Host: pgl.yoyo.org
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1801.3 Safari/537.36
Referer: https://www.google.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

Firefox 5 on a Macbook
Host: pgl.yoyo.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Safari 7 on a Macbook
Host: pgl.yoyo.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11
43
JavaScript
52
Good at detecting browser features and capabilities.
Support multiple backgrounds?
HTML5 canvas?
Border radius?
Box shadow?
Available events?
CSS properties recognized?
CSS animations?
DOM prefixes available?
54
SSL Ciphers
55
Client Handshake Packet
56
Chrome 34 on a Macbook
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-RC4128-SHA
ECDHE-RSA-RC4128-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
DHE-RSA-AES256-SHA
RSA-AES128-GCM-SHA256
RSA-AES128-SHA
RSA-AES256-SHA
RSA-3DES-EDE-SHA
RSA-RC4128-SHA
RSA-RC4128-MD5

Firefox 5 on a Macbook
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
RSA-CAMELLIA256-SHA
RSA-AES256-SHA
ECDHE-ECDSA-RC4128-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-RC4128-SHA
ECDHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
ECDH-RSA-RC4128-SHA
ECDH-RSA-AES128-SHA
ECDH-ECDSA-RC4128-SHA
ECDH-ECDSA-AES128-SHA
RSA-SEED-SHA
RSA-CAMELLIA128-SHA
RSA-RC4128-SHA
RSA-RC4128-MD5
RSA-AES128-SHA
ECDHE-ECDSA-3DES-EDE-SHA
ECDHE-RSA-3DES-EDE-SHA
DHE-RSA-3DES-EDE-SHA
DHE-DSS-3DES-EDE-SHA
ECDH-RSA-3DES-EDE-SHA
ECDH-ECDSA-3DES-EDE-SHA
RSA-FIPS-3DES-EDE-SHA
RSA-3DES-EDE-SHA

curl 7.30 on a Macbook
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-RC4128-SHA
ECDHE-ECDSA-3DES-EDE-SHA
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-RC4128-SHA
ECDHE-RSA-3DES-EDE-SHA
ECDH-ECDSA-AES256-SHA384
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES256-SHA384
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES256-SHA
ECDH-ECDSA-AES128-SHA
ECDH-ECDSA-RC4128-SHA
ECDH-ECDSA-3DES-EDE-SHA
ECDH-RSA-AES256-SHA
ECDH-RSA-AES128-SHA
ECDH-RSA-RC4128-SHA
ECDH-RSA-3DES-EDE-SHA
DH-RSA-MISTY1-SHA
DH-DSS-MISTY1-SHA
RSA-AES128-SHA
RSA-RC4128-SHA
RSA-RC4128-MD5
RSA-AES256-SHA
RSA-3DES-EDE-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
DHE-RSA-3DES-EDE-SHA
PSK-AES256-SHA
PSK-AES128-SHA
PSK-RC4128-SHA
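The HTTP header order slide and the cipher lists above rest on the same observation: each client emits the same items in its own stable order, independent of what the User-Agent string claims. The following is an added example, not code from the presentation, that scores an observed order against known ones and flags a request whose header order contradicts its User-Agent. The signatures are the three header orders from the slide; treating Referer and Cookie as optional, and the two sample requests, are assumptions made for the example.

```python
import difflib

# Header order per client, lower-cased from the "HTTP Header Order" slide.
HEADER_ORDER = {
    "Chrome": ["host", "connection", "accept", "user-agent", "referer",
               "accept-encoding", "accept-language"],
    "Firefox": ["host", "user-agent", "accept", "accept-language",
                "accept-encoding", "connection"],
    "Safari": ["host", "accept", "accept-language", "connection",
               "accept-encoding", "user-agent"],
}
OPTIONAL = frozenset({"referer", "cookie"})  # assumption: depend on navigation, not client

# Constructed samples: one Chrome-style User-Agent sent in two header orders.
UA = "User-Agent: Mozilla/5.0 (Macintosh) AppleWebKit/537.36 Chrome/34.0.1801.3 Safari/537.36"
GENUINE = "\n".join(["GET / HTTP/1.1", "Host: example.test", "Connection: keep-alive",
                     "Accept: */*", UA, "Accept-Encoding: gzip", "Accept-Language: en-US"])
SPOOFED = "\n".join(["GET / HTTP/1.1", "Host: example.test", UA, "Accept: */*",
                     "Accept-Language: en-US", "Accept-Encoding: gzip", "Connection: keep-alive"])

def parse_headers(raw_request):
    """Return [(name, value)] in wire order, skipping the request line."""
    pairs = []
    for line in raw_request.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            break  # a blank or malformed line ends the header block
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def closest_client(observed, signatures, ignore=frozenset()):
    """Return (similarity, client) for the known ordered list nearest to `observed`."""
    obs = [x for x in observed if x not in ignore]
    def score(order):
        ref = [x for x in order if x not in ignore]
        return difflib.SequenceMatcher(None, obs, ref, autojunk=False).ratio()
    return max((score(order), client) for client, order in signatures.items())

def claimed_client(user_agent):
    # Chrome's User-Agent also contains "Safari/", so Chrome is tested first.
    return next((t for t in ("Chrome", "Firefox", "Safari") if t + "/" in user_agent), "unknown")

def order_contradicts_ua(raw_request):
    """True when the header order best matches a different client than the UA claims."""
    pairs = parse_headers(raw_request)
    ua = dict(pairs).get("user-agent", "")
    _, looks_like = closest_client([n for n, _ in pairs], HEADER_ORDER, OPTIONAL)
    return claimed_client(ua) != looks_like
```

`closest_client()` is order-agnostic about what it compares, so the cipher lists above can be passed as `signatures` in the same way. A User-Agent that names none of the three clients is also reported as a contradiction.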
57
So…
58
What they know
Device location
If you’re a return visitor
When you last visited
Browser version
Browser plugins installed
Plugins can gather additional system information
Operating system version
Local timezone
Language settings
Limited device specs
Resolution
Screen size
Color depth

How they know it
IP address, HTTP headers
Cookie
HTTP headers, ciphers, JS
HTTP headers
Depends on the plugin
HTTP headers, ciphers
JavaScript
HTTP headers
JavaScript
JavaScript
61
Questions