English

XSS-FP: Browser Fingerprinting using HTML Parser Quirks

Cryptography and Security 2012-11-21 v1

Abstract

There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, eg Firefox 15) of a web-browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71% of accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to.

Keywords

Cite

@article{arxiv.1211.4812,
  title  = {XSS-FP: Browser Fingerprinting using HTML Parser Quirks},
  author = {Erwan Abgrall and Yves Le Traon and Martin Monperrus and Sylvain Gombault and Mario Heiderich and Alain Ribault},
  journal= {arXiv preprint arXiv:1211.4812},
  year   = {2012}
}
R2 v1 2026-06-21T22:41:43.684Z