Collaborate Disseminate
In order to better protect my Django web app, I want to reduce the leakage of information that could help an attacker profile my application. If you were an attacker, what would you look at to identify a Django web app?
From OWASP, I know … Continue reading How can you fingerprint a Django web app?
Motivation
I want to develop a custom, local Firefox extension and investigate, if its installation has any impact on the browser fingerprint.
Background
Some time (years?) ago, there were articles advising against installing too many brow… Continue reading What impact does an installed extension have on the browser fingerprint (uniqueness)?
Many online services use fingerprinting to track users – storing enough hardware and software details to create a unique record.
But what do emulators do? Can they make you completely anonymous on the internet?
Do Bluestacks or Memu use th… Continue reading Do emulator programs like Bluestacks, Memu, Genymotion use the real device settings of the computer you’re connecting from?
I have Tor Browser (which is basically Firefox ESR) on "Safest" setting (Javascript disabled). We’re generally scolded about using extensions in it, as they can alter web traffic patterns to or from your browser, adding another f… Continue reading Tor Browser: Could a website or ISP detect modification to DOM done by users if Javascript is disabled?
Okta recently sent out an email to admins about changes to their new device detection strategy. According to them:
Due to browser advancements in anonymous web browsing, JavaScript fingerprinting techniques are quickly becoming obsolete…. Continue reading Is javascript fingerprinting becoming obsolete?
Today I switched ON the "Responsive Design Mode" under the "Web Developer" Section of the Firefox menu, and from the dropdown menu selected "iPhone X/XS iOS 12".
So now every webpage I visited was being sent t… Continue reading Effect of Firefox’s "Responsive Design Mode" on the browser’s fingerprint
Tor’s approach to countering fingerprinting is to make as many users “appear the same” as possible. Let us call this “generalization”. While Brave tries to randomize all fingerprints of each and every user in a unique way (for each new ope… Continue reading Which approach is technically more effective to hinder user tracking – fingerprint generalization or randomization?
Some services, like https://2ip.io/privacy/, are able to detect (correctly) OpenVPN and its settings. For example, in my case: OpenVPN, AES, MAC is SHA512.
How VPN fingerprinting works? I thought the only clue is the MTU, but I have reall… Continue reading Evade VPN fingerprinting
I was following this Lynda course.
https://www.linkedin.com/learning/ethical-hacking-enumeration/enumerating-smb-from-linux-episode-1
The instructor used this script to detect the OS of the target system.
nmap –script /usr/share/nmap/s… Continue reading nmap script "smb-os-discovery.nse" does not output information about the host OS?
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims. Continue reading Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy