XSS-FP: Browser Fingerprinting using HTML Parser Quirks

Alain Ribault; Erwan Abgrall (Uni.lu); Mario Heiderich; Martin Monperrus (INRIA Lille - Nord Europe); S'nT); Sylvain Gombault (RSM); Yves Le Traon (Uni.lu

arxiv: 1211.4812 · v1 · pith:VEGPZLNCnew · submitted 2012-11-20 · 💻 cs.CR

XSS-FP: Browser Fingerprinting using HTML Parser Quirks

Erwan Abgrall (Uni.lu) , Yves Le Traon (Uni.lu , S'nT) , Martin Monperrus (INRIA Lille - Nord Europe) , Sylvain Gombault (RSM) , Mario Heiderich , Alain Ribault This is my paper

classification 💻 cs.CR

keywords browserexactfingerprintingdeterminehtmlparserquirkstype

0 comments

read the original abstract

There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, eg Firefox 15) of a web-browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71% of accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to.

This paper has not been read by Pith yet.

XSS-FP: Browser Fingerprinting using HTML Parser Quirks

discussion (0)