BrowserRecon - Advanced Web Browser Fingerprinting

The browserrecon project researches web client fingerprinting. The goal is the highly accurate identification of given web browser implementations. This has become important in professional vulnerability analysis (e.g. drive-by pharming and phishing).

Besides the discussion of different approaches and the documentation of gathered results, an implementation for automated analysis is also provided. This software is meant to improve the ease and efficiency of this kind of enumeration. Traditional approaches known from HTTP fingerprinting (e.g. header order) are used. However, many other analysis techniques were introduced to increase the possibilities of accurate web client fingerprinting.


Ahh .. this is great for web exploit toolkit writers ...

The current release of browserrecon is written in PHP. Therefore, you might be able to use browserrecon on a web server supporting PHP. If you want to include browserrecon in a given web application, the software has to support PHP itself or a fork of the PHP scripts. Because browserrecon requires direct access to the HTTP headers sent to the web server, the framework is not able to run in PHP CGI mode.

Now a lot of web exploit toolkits actually detect your web browser and determine which vulnerability it should use to exploit your browser and run the exploit. Some people tried to obfuscate the browser version and other details using their web proxy so that this information is not leaked.

But, now with this fingerprint tool... web-toolkit authors don't have to write tons of JavaScript to determine browser and other stuff. Moreover, all these web exploit toolkits are coming out in PHP anyways...
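
Why header-order analysis needs the raw request rather than the CGI environment, shown as an added Python example (not browserrecon's code or part of the comment above). The sample requests and function names are constructed for illustration, and the mapping models the `HTTP_*` meta-variable convention of RFC 3875.

```python
# Constructed sample requests (not captured traffic): same headers and values,
# but sent in a different order and with different name casing.
REQ_A = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
         b"User-Agent: ExampleBrowser/1.0\r\nAccept: text/html\r\n"
         b"Accept-Language: en\r\nConnection: keep-alive\r\n\r\n")
REQ_B = (b"GET / HTTP/1.1\r\nhost: example.test\r\n"
         b"accept: text/html\r\naccept-language: en\r\n"
         b"user-agent: ExampleBrowser/1.0\r\nconnection: keep-alive\r\n\r\n")


def parse_raw_headers(raw):
    """Return (name, value) pairs as sent on the wire: order and case kept."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:       # skip the request line
        name, sep, value = line.partition(":")
        if sep:                                # ignore malformed lines
            pairs.append((name, value.strip()))
    return pairs


def to_cgi_env(pairs):
    """Model what a CGI script receives: names upper-cased, '-' turned into
    '_', 'HTTP_' prefixed, repeated headers merged. The result is treated as
    an unordered mapping because wire order is not preserved for the script."""
    env = {}
    for name, value in pairs:
        key = name.upper().replace("-", "_")
        if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            key = "HTTP_" + key
        env[key] = f"{env[key]}, {value}" if key in env else value
    return env


def header_order(raw):
    """The ordered list of header names, the signal header-order checks use."""
    return [name for name, _ in parse_raw_headers(raw)]


def cgi_can_distinguish(raw_a, raw_b):
    """True if the two requests still differ after the CGI mapping."""
    return to_cgi_env(parse_raw_headers(raw_a)) != to_cgi_env(parse_raw_headers(raw_b))


if __name__ == "__main__":
    print("raw order A:", header_order(REQ_A))
    print("raw order B:", header_order(REQ_B))
    print("distinguishable via CGI env:", cgi_can_distinguish(REQ_A, REQ_B))
```

The two requests differ in header order and casing on the wire, yet map to the same CGI environment, so a script that sees only that environment has nothing to compare.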
