XSS-FP: Browser Fingerprinting using HTML Parser Quirks
Cryptography and Security
2012-11-21 v1
Abstract
There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, eg Firefox 15) of a web-browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71% of accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to.
Keywords
Cite
@article{arxiv.1211.4812,
title = {XSS-FP: Browser Fingerprinting using HTML Parser Quirks},
author = {Erwan Abgrall and Yves Le Traon and Martin Monperrus and Sylvain Gombault and Mario Heiderich and Alain Ribault},
journal= {arXiv preprint arXiv:1211.4812},
year = {2012}
}