IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [fingerprinting]

Gaining information about current version of an application or operating system in order to find a vulnerability.

Fingerprinting is a term that describes the process of identifying a system based upon the services it runs and the behaviour it exhibits.

141 questions
8
votes
1 answer

Will two smartphones (identical hardware and software) generate the same canvas fingerprint?

When using Canvas Fingerprint (like on this website) to distinguish users, does two smartphones (same model, same OS version, and no browser/plugin customization) will share the same fingerprint?
Matthieu Charbonnier
  • 183
  • 4
8
votes
3 answers

Passive fingerprinting of HTTPS client

Is it possible to passively fingerprint a HTTPS client, based solely on data visible to a network eavesdropper? In other words, consider a network monitoring box that can see all the packets (but doesn't know any private keys and is only passively…
D.W.
  • 98,420
  • 30
  • 267
  • 572
7
votes
1 answer

Passive fingerprinting of email client, based on email headers

Are there ways to passively fingerprint (infer) the operating system or mail client that an email sender is using, based upon the headers of an email from that sender? I'm familiar with passive network fingerprinting tools like p0f: given a trace of…
D.W.
  • 98,420
  • 30
  • 267
  • 572
7
votes
2 answers

Does HTTPS protect you from fingerprinting by the NSA?

We've established that, for all intents and purposes, HTTPS hides what page you visit on a given server from NSA backbone wiretapping, but not the domain itself. But that's only IP / domain correlation (across multiple domains), and nothing more. As…
user21377
7
votes
2 answers

What impact does an installed extension have on the browser fingerprint (uniqueness)?

Motivation I want to develop a custom, local Firefox extension and investigate, if its installation has any impact on the browser fingerprint. Background Some time (years?) ago, there were articles advising against installing too many browser…
bela53
  • 173
  • 4
7
votes
1 answer

Can canvas fingerprinting be prevented?

How can canvas fingerprinting be prevented in web browsers? The site Panopticlick said I had a hash of WebGL fingerprint of 5 bits of entropy. I installed CanvasBlocker addon and tested again and it went up to 15 bits. Are there any other ways to…
Celeritas
  • 10,039
  • 22
  • 77
  • 144
7
votes
2 answers

Extra p0f v3 fingerprints files?

p0f v3 is a passive operating system detector. The latest release is 3.08b, dating to November, 2014. Given the releases of Windows 10, multiple Linux, Firefox and Chrome versions since then, the fingerprints file doesn't identify a lot of TCP SYN…
Bruce Ediger
  • 4,552
  • 2
  • 25
  • 26
6
votes
1 answer

Discovering a vulnerable service on a machine

I am trying to get access to one of the machines in my lab. it has 2 tcp ports that I am highly suspecting which are: port 25 tcp port 111 tcp For port 25, it is supposed to be running SMTP, however, I think that it is running another service…
Ahmed Taher
  • 701
  • 6
  • 13
  • 23
6
votes
2 answers

Why do browsers expose installed fonts?

It's a well known fact (in the privacy-aware community, at least), that a factor quite used for tracking is the list of installed fonts, which browsers seem to expose, and trackers exploit this. There's lots of questions and answers as to how to…
WhyNotHugo
  • 208
  • 1
  • 9
6
votes
2 answers

How to find Windows version from the file on a remote system

I need to find out what Windows and Service Pack system is currently running. All I have is ftp access, it means I cannot run any the software. Is there a way to determine what version of Windows, Service Pack, and what Language is installed on a…
Dranik
  • 233
  • 1
  • 3
  • 8
6
votes
1 answer

Youtube.com trying to extract HTML5 canvas data: is Youtube trying to fingerprint users' browser?

While trying to watch a Youtube videos using Tor browser, the Tor browser opens an alert window: This website (www.youtube.com) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer. Should Tor Browser…
supercobra
  • 623
  • 1
  • 5
  • 7
5
votes
2 answers

How to fake a browser fingerprint?

I'm developing a browser based on Google Chromium and keeping in mind that privacy is freedom; but I need to know how to protect my browser's users against fingerprinting. I was thinking about intercepting requests associated with fingerprinting,…
Freedo
  • 2,253
  • 5
  • 18
  • 28
5
votes
1 answer

Possible to avoid device fingerprinting with imagemagick?

If I took a picture with my mobile phone and wanted to publish that photo without any artefacts connect to me, the first thing I would do is strip all of the image metadata with 'exiftool': exiftool -all= IMG_1234.JPG ... but it is well understood…
user227963
  • 201
  • 1
  • 2
5
votes
2 answers

What "timing attacks" could websites perform using last modified dates of files?

https://developer.mozilla.org/en-US/docs/Web/API/File/lastModified describes the .lastModified property of a File object in JavaScript (usually created when a user selects a file via a HTML element; in-browser JavaScript served…
Mark Amery
  • 1,777
  • 2
  • 13
  • 19
5
votes
1 answer

How does a keypair fingerprint work?

Setting up an AWS instance with the instructions here, I create a public/private keypair. I understand the public key fingerprint is usually just a hash of the public key. However, the instructions here show that you can confirm that your private…
AlwaysQuestioning
  • 153
  • 5
1
2
3
9 10