Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Reducing browser finger printing

fingerprinting browser security internet firefox cookies

  • Please log in to reply
18 replies to this topic

#13 Sundance

Sundance

    CC Devotee

  • Validating
  • PipPipPipPipPipPip
  • 572 posts
  • Programming Language:C, Java, PHP, Python, JavaScript, Perl, PL/SQL, Transact-SQL, Bash, Others

Posted 26 April 2014 - 11:11 AM

 Anything can be done from this position, from spying to adding malicious code.  

To even stealing your cookies ;D


  • 0

Please read the

FaQ & Guidelines


#14 0xFACEB004

0xFACEB004

    CC Devotee

  • Senior Member
  • PipPipPipPipPipPip
  • 625 posts
  • Location:Chicago
  • Programming Language:C, Java, C++, PHP, (Visual) Basic, JavaScript, Visual Basic .NET, Others
  • Learning:Assembly, Others

Posted 26 April 2014 - 11:14 AM

Perhaps KJGino should make a tutorial on what MITM attacks are and how to avoid them? 

 

The only money-back guaranteed, absolute surefire way to avoid MITM attacks:

Step 1. Stay off of the internet

Step 2. Repeat step 1 :P


  • 0

                                                                                                                                                                            FACEB00K Likes this.


#15 BlackRabbit

BlackRabbit

    CodeCall Legend

  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 3871 posts
  • Location:Argentina
  • Programming Language:C, C++, C#, PHP, JavaScript, Transact-SQL, Bash, Others
  • Learning:Java, Others

Posted 26 April 2014 - 11:22 AM

Lol, not that bad, but, you can do it, but at another level, by not relying in the message only, but in the low-level TCP layers. The middle man will always leave a signature down there, in the dark of the TCP layers.

 

And other thing, fingerprint is good when you use for alerts, for example, you can set gmail to tell you when someone logs into your mail account from a computer who has not your fingerprint.


  • 1

#16 0xFACEB004

0xFACEB004

    CC Devotee

  • Senior Member
  • PipPipPipPipPipPip
  • 625 posts
  • Location:Chicago
  • Programming Language:C, Java, C++, PHP, (Visual) Basic, JavaScript, Visual Basic .NET, Others
  • Learning:Assembly, Others

Posted 26 April 2014 - 11:36 AM

But if you use a proxy server (e.g. Hidemyass, or even a TOR relay node), how can you detect that that signature is from the legitimate proxy itself and not the middle man, BR?


  • 0

                                                                                                                                                                            FACEB00K Likes this.


#17 BlackRabbit

BlackRabbit

    CodeCall Legend

  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 3871 posts
  • Location:Argentina
  • Programming Language:C, C++, C#, PHP, JavaScript, Transact-SQL, Bash, Others
  • Learning:Java, Others

Posted 26 April 2014 - 11:45 AM

Easy, a proxy is not a hop, so it will add one extra layer in the TCP/IP.

You just need to establish how many hops you have between you and your destination.

Let's say, an easy case, you and I work in two different branches of the same company, and a communication between us, for network topology, has only two routers, your local, and mine. If TCP/IP layers shows one more than that, then someone has been manipulating messages in the middle ;)

And that someone, is someone inside ;)  which is the typical MITM MO.


Edited by BlackRabbit, 26 April 2014 - 11:47 AM.

  • 1

#18 BlackRabbit

BlackRabbit

    CodeCall Legend

  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 3871 posts
  • Location:Argentina
  • Programming Language:C, C++, C#, PHP, JavaScript, Transact-SQL, Bash, Others
  • Learning:Java, Others

Posted 26 April 2014 - 12:17 PM

It's a pity this one  knowledge is one I didn't exercise in years, because it's a very nice subject to talk about but even when I remember how it works from point to point, I don't remember all the technical words to properly talk about it.

 

Just let me tell you TCP/IP layers register every step on its way because it needs to track itself back, if packet from A to B, passes by C and D. in the TCP/IP layer you'll have A C D B signed (because the packet must be able to come back in case of error) so the packet will be: Message (your data) plus tracking layers ( A C D B ). When whatever program, device, etc, touches the message, it got registered down there. You'll tell me, hey Tor wipes that out, or rewrite it. Well to do so, you need to do it, (or used to need to do it) by rewriting a routing device code. What TOR does, I GUESS, is taking your layer out of the message, as if they were originators, and saving it themselves logically, re adding it back when the answer to the package comes back. That takes serious programing and processing, and probably they did by reprograming a routing device, or even rewriting the tcp layer of their O.S.

 

I wish I've been working with this lately so I could have better context in my head, but it will come back as I remember more exactly the things I used to check/do years ago.


  • 0

#19 0xFACEB004

0xFACEB004

    CC Devotee

  • Senior Member
  • PipPipPipPipPipPip
  • 625 posts
  • Location:Chicago
  • Programming Language:C, Java, C++, PHP, (Visual) Basic, JavaScript, Visual Basic .NET, Others
  • Learning:Assembly, Others

Posted 26 April 2014 - 12:35 PM

This subject fascinates me too (even though I was bored out of my mind in my networking class lol)!

 

But I never thought about it on the TCP layer, so I will look into that. But what about the different forms of MITM...how would the TCP signature be affected by something like DNS spoofing? How could it detect that?

 

Here are some of the attacks I am referring to: https://www.blackhat...-03-valleri.pdf


  • 1

                                                                                                                                                                            FACEB00K Likes this.






Also tagged with one or more of these keywords: fingerprinting, browser, security, internet, firefox, cookies

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download