Maxime Huyghe (Univ. Lille, Inria, CNRS, UMR 9189 CRIStAL), Clément Quinton (Univ. Lille, Inria, CNRS, UMR 9189 CRIStAL), Walter Rudametkin (Univ. Rennes, Inria, CNRS, UMR 6074 IRISA)

Web browsers have become complex tools used by billions of people. The complexity is in large part due to its adaptability and variability as a deployment platform for modern applications, with features continuously being added. This also has the side effect of exposing configuration and hardware properties that are exploited by browser fingerprinting techniques.

In this paper, we generate a large dataset of browser fingerprints using multiple browser versions, system and hardware configurations, and describe a tool that allows reasoning over the links between configuration parameters and browser fingerprints. We argue that using generated datasets that exhaustively explore configurations provides developers, and attackers, with important information related to the links between configuration parameters (i.e., browser, system and hardware configurations) and their exhibited browser fingerprints. We also exploit Browser Object Model (BOM) enumeration to obtain exhaustive browser fingerprints composed of up to 16, 000 attributes.

We propose to represent browser fingerprints and their configurations with feature models, a tree-based representation commonly used in Software Product Line Engineering (SPLE) to respond to the challenges of variability, to provide a better abstraction to represent browser fingerprints and configurations. With translate 89, 486 browser fingerprints into a feature model with 35, 857 nodes from 1, 748 configurations. We show the advantages of this approach, a more elegant tree-based solution, and propose an API to query the dataset. With these tools and our exhaustive configuration exploration, we provide multiple use cases, including differences between headless and headful browsers or the selection of a minimal set of attributes from browser fingerprints to re-identify a configuration parameter from the browser.

View More Papers

HADES Attack: Understanding and Evaluating Manipulation Risks of Email...

Ruixuan Li (Tsinghua University), Chaoyi Lu (Tsinghua University), Baojun Liu (Tsinghua University;Zhongguancun Laboratory), Yunyi Zhang (Tsinghua University), Geng Hong (Fudan University), Haixin Duan (Tsinghua University;Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd), Min Yang (Fudan University), Jun Shao (Zhejiang Gongshang University)

Read More

Can Public IP Blocklists Explain Internet Radiation?

Simone Cossaro (University of Trieste), Damiano Ravalico (University of Trieste), Rodolfo Vieira Valentim (University of Turin), Martino Trevisan (University of Trieste), Idilio Drago (University of Turin)

Read More

GAP-Diff: Protecting JPEG-Compressed Images from Diffusion-based Facial Customization

Haotian Zhu (Nanjing University of Science and Technology), Shuchao Pang (Nanjing University of Science and Technology), Zhigang Lu (Western Sydney University), Yongbin Zhou (Nanjing University of Science and Technology), Minhui Xue (CSIRO's Data61)

Read More

Cross-Origin Web Attacks via HTTP/2 Server Push and Signed...

Pinji Chen (Tsinghua University), Jianjun Chen (Tsinghua University & Zhongguancun Laboratory), Mingming Zhang (Zhongguancun Laboratory), Qi Wang (Tsinghua University), Yiming Zhang (Tsinghua University), Mingwei Xu (Tsinghua University), Haixin Duan (Tsinghua University)

Read More