XSS-FP: Browser Fingerprinting using HTML Parser Quirks

by Erwan Abgrall, Yves Le Traon, Martin Monperrus, Sylvain Gombault, Mario Heiderich and Alain Ribault
Abstract: There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, e.g. Firefox 15) of a web browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71% accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to.
Open-access (on arXiv.org)

Cite it:

Erwan Abgrall, Yves Le Traon, Martin Monperrus, Sylvain Gombault, Mario Heiderich and Alain Ribault, "XSS-FP: Browser Fingerprinting using HTML Parser Quirks", Technical report, arXiv 1211.4812, 2012.
XSS-FP: Browser Fingerprinting using HTML Parser Quirks
http://arxiv.org/pdf/1211.4812
[XSS-FP: Browser Fingerprinting using HTML Parser Quirks](http://arxiv.org/pdf/1211.4812)
\href{http://arxiv.org/pdf/1211.4812}{XSS-FP: Browser Fingerprinting using HTML Parser Quirks} % \cite{1211.4812}

Bibtex Entry:

@techreport{1211.4812,
 title = {XSS-FP: Browser Fingerprinting using HTML Parser Quirks},
 year = {2012},
 author = {Erwan Abgrall and Yves Le Traon and Martin Monperrus and Sylvain Gombault and Mario Heiderich and Alain Ribault},
 url = {http://arxiv.org/pdf/1211.4812},
 number = {1211.4812},
 institution = {arXiv},
}