Maxime Huyghe (Univ. Lille, Inria, CNRS, UMR 9189 CRIStAL), Clément Quinton (Univ. Lille, Inria, CNRS, UMR 9189 CRIStAL), Walter Rudametkin (Univ. Rennes, Inria, CNRS, UMR 6074 IRISA)

Web browsers have become complex tools used by billions of people. The complexity is in large part due to its adaptability and variability as a deployment platform for modern applications, with features continuously being added. This also has the side effect of exposing configuration and hardware properties that are exploited by browser fingerprinting techniques.

In this paper, we generate a large dataset of browser fingerprints using multiple browser versions, system and hardware configurations, and describe a tool that allows reasoning over the links between configuration parameters and browser fingerprints. We argue that using generated datasets that exhaustively explore configurations provides developers, and attackers, with important information related to the links between configuration parameters (i.e., browser, system and hardware configurations) and their exhibited browser fingerprints. We also exploit Browser Object Model (BOM) enumeration to obtain exhaustive browser fingerprints composed of up to 16, 000 attributes.

We propose to represent browser fingerprints and their configurations with feature models, a tree-based representation commonly used in Software Product Line Engineering (SPLE) to respond to the challenges of variability, to provide a better abstraction to represent browser fingerprints and configurations. With translate 89, 486 browser fingerprints into a feature model with 35, 857 nodes from 1, 748 configurations. We show the advantages of this approach, a more elegant tree-based solution, and propose an API to query the dataset. With these tools and our exhaustive configuration exploration, we provide multiple use cases, including differences between headless and headful browsers or the selection of a minimal set of attributes from browser fingerprints to re-identify a configuration parameter from the browser.

View More Papers

EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via...

Hangtian Liu (Information Engineering University), Lei Zheng (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Shuitao Gan (Laboratory for Advanced Computing and Intelligence Engineering), Chao Zhang (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Zicong Gao (Information Engineering University), Hongqi Zhang (Henan Key Laboratory of Information Security), Yishun Zeng (Institute for Network Sciences…

Read More

The Philosopher’s Stone: Trojaning Plugins of Large Language Models

Tian Dong (Shanghai Jiao Tong University), Minhui Xue (CSIRO's Data61), Guoxing Chen (Shanghai Jiao Tong University), Rayne Holland (CSIRO's Data61), Yan Meng (Shanghai Jiao Tong University), Shaofeng Li (Southeast University), Zhen Liu (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University)

Read More

Reinforcement Unlearning

Dayong Ye (University of Technology Sydney), Tianqing Zhu (City University of Macau), Congcong Zhu (City University of Macau), Derui Wang (CSIRO’s Data61), Kun Gao (University of Technology Sydney), Zewei Shi (CSIRO’s Data61), Sheng Shen (Torrens University Australia), Wanlei Zhou (City University of Macau), Minhui Xue (CSIRO's Data61)

Read More