fast and efficient browser identification with javascript
play

Fast and efficient Browser Identification with JavaScript Engine - PowerPoint PPT Presentation

Jun 09, 2023 •191 likes •539 views

Fast and efficient Browser Identification with JavaScript Engine Fingerprinting Martin Mulazzani , Philipp Reschl, Manuel Leithner, Markus Huber, Edgar Weippl SBA Research Vienna, Austria Outline Motivation & Background JavaScript Engine

  1. Fast and efficient Browser Identification with JavaScript Engine Fingerprinting Martin Mulazzani , Philipp Reschl, Manuel Leithner, Markus Huber, Edgar Weippl SBA Research Vienna, Austria

  2. Outline Motivation & Background JavaScript Engine Fingerprinting Methodology Minimal Fingerprints Decision Trees Evaluation Evaluation - Tor Browser Bundle Evaluation - Survey

  3. Motivation Browser Identification: ◮ Accurately identify the browser used by the client ◮ Webserver point-of-view ◮ Motivated by nmap for TCP/IP fingerprinting ◮ Limitations of UserAgent string: ◮ Can be set arbitrarily ◮ Not a security feature Different use cases: ◮ Detect UserAgent string manipulations ◮ Detect session hijacking ◮ Browser-specific malware

  4. Motivation Browser Identification: ◮ Accurately identify the browser used by the client ◮ Webserver point-of-view ◮ Motivated by nmap for TCP/IP fingerprinting ◮ Limitations of UserAgent string: ◮ Can be set arbitrarily ◮ Not a security feature Different use cases: ◮ Detect UserAgent string manipulations ◮ Detect session hijacking ◮ Browser-specific malware

  5. Browser Market Browser market currently very competitive: ◮ Man-years of development time ◮ Fight for market shares, especially smartphones ◮ Become more & more powerful (e.g., Cloud computing, HTML5, ...) ◮ New features: ◮ JIT, GPU rendering, remote rendering, Sandboxing ◮ Mostly performance or security

  6. Browser Market :)

  7. Methodology Our approach: ◮ Use JavaScript (ECMAScript 5.1) conformance tests ◮ test262 - http://test262.ecmascript.org ◮ Sputnik - http://sputnik.googlelabs.com ◮ More than 11.000 test cases ◮ Javascript engines fail at different test cases In the future: ◮ Enhance session security ◮ by locking session to specific browser version ◮ Increase user privacy ◮ by detecting (attacking) fingerprinting

  8. Methodology Our approach: ◮ Use JavaScript (ECMAScript 5.1) conformance tests ◮ test262 - http://test262.ecmascript.org ◮ Sputnik - http://sputnik.googlelabs.com ◮ More than 11.000 test cases ◮ Javascript engines fail at different test cases In the future: ◮ Enhance session security ◮ by locking session to specific browser version ◮ Increase user privacy ◮ by detecting (attacking) fingerprinting

  9. Methodology Our approach: ◮ Use JavaScript (ECMAScript 5.1) conformance tests ◮ test262 - http://test262.ecmascript.org ◮ Sputnik - http://sputnik.googlelabs.com ◮ More than 11.000 test cases ◮ Javascript engines fail at different test cases In the future: ◮ Enhance session security ◮ by locking session to specific browser version ◮ Increase user privacy ◮ by detecting (attacking) fingerprinting

  10. Related Work Recent paper by Mowery et.al, W2SP 2011 ◮ Use 39 Javascript benchmarks e.g., Sunspider or V8 Benachmark Suite ◮ Generate normalized fingerprint based on time pattern ◮ On average 190 seconds runtime Our approach: ◮ Takes less then 200ms (3 orders of magnitude faster) ◮ not stalling the CPU noticeably ◮ Few hundred lines of Javascript max. ◮ Collected > 150 OS and browser combinations

  11. Related Work Recent paper by Mowery et.al, W2SP 2011 ◮ Use 39 Javascript benchmarks e.g., Sunspider or V8 Benachmark Suite ◮ Generate normalized fingerprint based on time pattern ◮ On average 190 seconds runtime Our approach: ◮ Takes less then 200ms (3 orders of magnitude faster) ◮ not stalling the CPU noticeably ◮ Few hundred lines of Javascript max. ◮ Collected > 150 OS and browser combinations

  12. Related Work Other related work: ◮ EFF’s Panopticlick, PETS 2010 ◮ Mowery et.al, W2SP 2012 ◮ uses novel HTML5 features and WebGL rendering ◮ Upcoming paper on HTML5 and CSS3 features (ARES 2013)

  13. test262

  14. test262: Browser - OS Combinations

  15. test262: Browser - OS Combinations

  16. Distinguish Browsers Random subset of test262 test cases: Web Browser 15.4.4.4-5-c-i-1 13.0-13-s ✦ ✪ Opera 11.61 ✦ ✪ Firefox 10.0.1 ✪ ✦ Internet Explorer 9 ✪ ✪ Chrome 17 Web Browser S15.2.3.6 A1 10.6-7-1 S10.4.2.1 A1 ✪ ✪ ✪ Opera 11.61 ✪ ✦ ✪ Firefox 10.0.1 ✪ ✪ ✦ Internet Explorer 9 ✦ ✪ ✦ Chrome 17

  17. Two Methods Propose two different methods: 1. Minimal fingerprints ◮ Find out if a browser is lying about it’s UserAgent 2. Iterative decision trees ◮ Find browser with no a-priory knowledge Sharing is caring: ◮ Will release code & collected dataset ◮ Lost due to hardware failure ◮ Drop me an email for current version ◮ Always test your backups!

  18. Two Methods Propose two different methods: 1. Minimal fingerprints ◮ Find out if a browser is lying about it’s UserAgent 2. Iterative decision trees ◮ Find browser with no a-priory knowledge Sharing is caring: ◮ Will release code & collected dataset ◮ Lost due to hardware failure ◮ Drop me an email for current version ◮ Always test your backups!

  19. Minimal Fingerprints Goal: Determine minimal fingerprints 1. Define the testset (=set of browsers) 2. Collect failed test cases 3. Calculate minimal fingerprints 4. For every client: Run fingerprints Result: If browser version ∈ testset: confirm browser version “Mind the gap:” ◮ Propably not for every testset solvable ◮ Can become “big”

  20. Minimal Fingerprints Goal: Determine minimal fingerprints 1. Define the testset (=set of browsers) 2. Collect failed test cases 3. Calculate minimal fingerprints 4. For every client: Run fingerprints Result: If browser version ∈ testset: confirm browser version “Mind the gap:” ◮ Propably not for every testset solvable ◮ Can become “big”

  21. Decision Trees Goal: Minimize number of tests run at the client 1. Define the testset (=set of browsers) 2. Collect failed test cases 3. Calculate uniqueness of every failed test case 4. Build binary decision tree, iteratively Result: Minimal path through decision tree for unknown browsers Benefits: ◮ O ( logn ) instead of O ( n ) ◮ Thus even faster ◮ Can be used as first stage for minimal fingerprinting

  22. Decision Trees Goal: Minimize number of tests run at the client 1. Define the testset (=set of browsers) 2. Collect failed test cases 3. Calculate uniqueness of every failed test case 4. Build binary decision tree, iteratively Result: Minimal path through decision tree for unknown browsers Benefits: ◮ O ( logn ) instead of O ( n ) ◮ Thus even faster ◮ Can be used as first stage for minimal fingerprinting

  23. Decision Trees 15.4.4.4- 5-c-i-1 10.6-7-1 13.0-13-s

  24. Evaluation - Tor Browser Bundle Basics Tor: ◮ Internet anonymization network ◮ Hides a user’s real IP adress ◮ Hundreds of thousands users every day ◮ Approx. 3000 servers run by volunteers Tor Browser Bundle: ◮ Among other features: Uniform UserAgent ◮ to increase size of the anonymity set ◮ Everything prepackaged (Tor, Vidalia, Firefox, ...) ◮ Runs without admin rights

  25. Evaluation - Tor Browser Bundle Basics Tor: ◮ Internet anonymization network ◮ Hides a user’s real IP adress ◮ Hundreds of thousands users every day ◮ Approx. 3000 servers run by volunteers Tor Browser Bundle: ◮ Among other features: Uniform UserAgent ◮ to increase size of the anonymity set ◮ Everything prepackaged (Tor, Vidalia, Firefox, ...) ◮ Runs without admin rights

  26. Evaluation - Tor Browser Bundle Uniform UserAgent: ◮ Tor - Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0 ◮ Real - Mozilla/5.0 (X11; Linux x86 64; rv:9.0.1) Gecko/20111222 Firefox/9.0.1 Vulnerable to Javascript Engine Fingerprinting? ◮ Yes! ◮ Every Firefox > 3 . 5 can be easily distinguished ◮ Can harm user privacy and decrease anonymity set ◮ However, not a real attack on Tor

  27. Evaluation - Tor Browser Bundle Uniform UserAgent: ◮ Tor - Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0 ◮ Real - Mozilla/5.0 (X11; Linux x86 64; rv:9.0.1) Gecko/20111222 Firefox/9.0.1 Vulnerable to Javascript Engine Fingerprinting? ◮ Yes! ◮ Every Firefox > 3 . 5 can be easily distinguished ◮ Can harm user privacy and decrease anonymity set ◮ However, not a real attack on Tor

  28. Evaluation - Tor Browser Bundle

  29. Evaluation - Survey Tested our fingerprinting with a survey: ◮ 189 participants ◮ Open for a few weeks in Summer 2011 ◮ 10 test cases per browser in testset ◮ Testset: ◮ IE 8 ◮ IE 9 ◮ Chrome 10 ◮ Firefox 4 Ground truth: ◮ UserAgent String ◮ Manual identification by participant

  30. Evaluation - Survey Tested our fingerprinting with a survey: ◮ 189 participants ◮ Open for a few weeks in Summer 2011 ◮ 10 test cases per browser in testset ◮ Testset: ◮ IE 8 ◮ IE 9 ◮ Chrome 10 ◮ Firefox 4 Ground truth: ◮ UserAgent String ◮ Manual identification by participant

  31. Evaluation - Survey Performance: ◮ All files: 24 Kilobytes ◮ Fingerprints: (4x) 2.500-3.000 Bytes ◮ 90 ms on average on PC ◮ 200 ms on average on smartphone Results: ◮ 175 out of 189 browsers covered by testset ◮ 100 % detection rate ◮ No false positives! ◮ 14 not covered were mostly smartphones ◮ 1 UserAgent manipulation discovered

Recommend

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS One global namespace Often inline JS code embedded directly in HTML Many <script> tags with hidden ordering dependencies Very

362 views • 15 slides
CE419 Session 5: JavaScript (cont'd) Web Programming 1 JavaScript & The Browser

CE419 Session 5: JavaScript (cont'd) Web Programming 1 JavaScript & The Browser

CE419 Session 5: JavaScript (cont'd) Web Programming 1 JavaScript & The Browser JavaScript can be included in HTML files with <script> tag. <!DOCTYPE html> <html> <head> <title>My home

898 views • 34 slides
AJAX, fetch, and Axios Asynchronous JavaScript? HTTP Requests in the Browser URL bar

AJAX, fetch, and Axios Asynchronous JavaScript? HTTP Requests in the Browser URL bar

AJAX, fetch, and Axios Asynchronous JavaScript? HTTP Requests in the Browser URL bar Links JavaScript window.location.href = http://www.google.com' Submitting forms (GET/POST) All of the above make the browser navigate

760 views • 16 slides
Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript features are used Feature defined as browser capability accessed through JavaScript function or property. Considers only sites in Alexa

523 views • 11 slides
Security Signature Inference for JavaScript-based Browser Addons Vineeth Kashyap , Ben Hardekopf

Security Signature Inference for JavaScript-based Browser Addons Vineeth Kashyap , Ben Hardekopf

Security Signature Inference for JavaScript-based Browser Addons Vineeth Kashyap , Ben Hardekopf University of California Santa Barbara CGO 2014 1 JavaScript-based Browser Addons 2 Addons: JavaScript with High Privileges 3

898 views • 56 slides
CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic programming language. Introduced in 1995 as a way to add programs to web pages in the Netscape Navigator browser. It has made modern web

795 views • 35 slides
Selenium Tutorial What is Selenium? Javascript framework that runs in your web- browser

Selenium Tutorial What is Selenium? Javascript framework that runs in your web- browser

Selenium Tutorial What is Selenium? Javascript framework that runs in your web- browser Works anywhere Javascript is supported Hooks for many other languages Java, Ruby, Python Can simulate a user navigating through pages and

310 views • 17 slides
Validating Javascript from Realworld Websites in a Browser-like Environment Sander Snajalg

Validating Javascript from Realworld Websites in a Browser-like Environment Sander Snajalg

Validating Javascript from Realworld Websites in a Browser-like Environment Sander Snajalg JavaScript (ECMAScript) Object-oriented / functional scripting language Dynamic typing Prototype inheritance Objects are dictionaries of properties

492 views • 19 slides
Taming JavaScript with Cloud9 IDE: a Tale of Tree Hugging Zef Hemel (@zef) .js browser.js

Taming JavaScript with Cloud9 IDE: a Tale of Tree Hugging Zef Hemel (@zef) .js browser.js

Taming JavaScript with Cloud9 IDE: a Tale of Tree Hugging Zef Hemel (@zef) .js browser.js db.js server.js *.js ~140,000 Tooling matters JavaScript Developer HTML CSS JavaScript HTML5 Client CSS3 JavaScript HTML5 Client CSS3

1.45k views • 87 slides
GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard girard.d@sfeir.com Sfeir CTO Member of OSSGTP Before starting, some questions Who knows javascript ? Who is a javascript expert ? Who knows java ?

1.57k views • 93 slides
J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript Java JavaScript is interpreted by the browser JavaScript 1/15 JS W HERE T O <!DOCTYPE html> <html> <head> <script

591 views • 15 slides
This presentation contains animations which require PDF browser which accepts JavaScript. For

This presentation contains animations which require PDF browser which accepts JavaScript. For

This presentation contains animations which require PDF browser which accepts JavaScript. For best results use Acrobat Reader. RSK problems theorem: bumping routes proof, the easy part proof, science fiction the end R obinson- S chensted- K

1.11k views • 85 slides
JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant

JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant

JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant (traditionally) to run entirely on the users browser Defined by the ECMAscript standard, published by the ECMA foundation JavaScript != Java,

657 views • 32 slides
ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser Leo Meyerovich Benjamin Livshits UC Berkeley Microsoft Research Web Programmability Platform openid.net yelp.com adsense.com Google maps 2

727 views • 41 slides
Know Your Engines How to Make Your JavaScript Fast Dave Mandelin 8 November 2011 OReilly

Know Your Engines How to Make Your JavaScript Fast Dave Mandelin 8 November 2011 OReilly

Know Your Engines How to Make Your JavaScript Fast Dave Mandelin 8 November 2011 OReilly Velocity Europe Tuesday, November 8, 2011 JavaScript is getting really fast and programs are getting crazy Bullet physics engine (ammo.js) H.264

2.15k views • 184 slides
NDN in Javascript Ryan Bennett Colorado State University 1 A Bit of Background 2 Why

NDN in Javascript Ryan Bennett Colorado State University 1 A Bit of Background 2 Why

NDN in Javascript Ryan Bennett Colorado State University 1 A Bit of Background 2 Why Javascript? A fertile ground for NDN adoption Low deployment overhead in the browser JavaScript is moving from front-end to full stack Node.js

287 views • 14 slides
jsprobes cross-platform browser instrumentation using JavaScript Brian Burg (@brrian /

jsprobes cross-platform browser instrumentation using JavaScript Brian Burg (@brrian /

jsprobes cross-platform browser instrumentation using JavaScript Brian Burg (@brrian / burg@cs.uw.edu) Background: browser research template 1 2 3

781 views • 23 slides
Javascript in the browser Thierry Sans Example <html> <body> <script

Javascript in the browser Thierry Sans Example <html> <body> <script

Javascript in the browser Thierry Sans Example <html> <body> <script type="text/javascript"> document.body.innerHTML = "<h1>This is a heading</h1>"; </script> </body>

402 views • 15 slides
CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser after page is sent back from server often this code manipulates the page or responds to user actions What is JavaScript? a lightweight

643 views • 29 slides
React A JavaScript library for building user interfaces What is React? JavaScript library

React A JavaScript library for building user interfaces What is React? JavaScript library

React A JavaScript library for building user interfaces What is React? JavaScript library created by Facebook Open source Runs on Node.js and renders in the browser Why use React? Declarative Modular Stateful

380 views • 17 slides
Detection of Browser Fingerprinting by Static JavaScript Code Classification Sjors Haanen &

Detection of Browser Fingerprinting by Static JavaScript Code Classification Sjors Haanen &

Detection of Browser Fingerprinting by Static JavaScript Code Classification Sjors Haanen & Tim van Zalingen UvA February 6, 2018 Supervisors (KPMG): Aidan Barrington & Ruben de Vries Research Project 82 Sjors Haanen & Tim van

331 views • 30 slides
Writing Efficient JavaScript What makes JavaScript slow and what to do about it Nicholas C. Zakas

Writing Efficient JavaScript What makes JavaScript slow and what to do about it Nicholas C. Zakas

Writing Efficient JavaScript What makes JavaScript slow and what to do about it Nicholas C. Zakas Principal Front End Engineer, Yahoo! Velocity June 2009 Who's this guy? Principal Front End Engineer, Yahoo! Homepage YUI

1.83k views • 139 slides
Developing data structures for JavaScript JavaScript devroom, FOSDEM 2019, Brussels Why and how

Developing data structures for JavaScript JavaScript devroom, FOSDEM 2019, Brussels Why and how

Developing data structures for JavaScript JavaScript devroom, FOSDEM 2019, Brussels Why and how to implement efcient data structures to use with node.js or in the browser? Who am I? Guillaume Plique alias Yomguithereal on both Github and

659 views • 53 slides
CICS 515 a Internet Programming Week 3 Mike Feeley 1 JavaScript 2 JavaScript is not Java

CICS 515 a Internet Programming Week 3 Mike Feeley 1 JavaScript 2 JavaScript is not Java

CICS 515 a Internet Programming Week 3 Mike Feeley 1 JavaScript 2 JavaScript is not Java client-side scripting language program that runs in browser at client two ways to include it in HTML document embedded blah.html:

588 views • 16 slides

More recommend