XSS-FP: Browser Fingerprinting using HTML Parser QuirksReport as inadecuate




XSS-FP: Browser Fingerprinting using HTML Parser Quirks - Download this document for free, or read online. Document in PDF available to download.

1 Uni.lu - Université du Luxembourg 2 KEREVAL 3 S-nT - Security, Reliability and Trust Interdisciplibary Research Centre 4 ADAM - Adaptive Distributed Applications and Middleware LIFL - Laboratoire d-Informatique Fondamentale de Lille, Inria Lille - Nord Europe 5 RSM - Département Réseaux, Sécurité et Multimédia 6 Ruhr-Universität Bochum Bochum 7 KEREVAL

Abstract : There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature browser type and version, eg Firefox 15 of a web-browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71\% of accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to.





Author: Erwan Abgrall - Yves Le Traon - Martin Monperrus - Sylvain Gombault - Mario Heiderich - Alain Ribault -

Source: https://hal.archives-ouvertes.fr/



DOWNLOAD PDF




Related documents