Browser fingerprint interpretation

The popular science article , Simple interpretation of browser fingerprint related content , If there is any description, please forgive me .

Browser fingerprint

Browser fingerprints are important , In data collection 、 Search engine 、 Buried point analysis 、 Website testing and other aspects are reflected .

Fingerprint usually refers to the client device information collected by the server for identification . Even without cookie, Fingerprints can also be used to identify individual users or devices .

For example, fingerprints commonly used for recording Header、Cookie、IP、DNS、UserAgent,Font（ Font list ）,Language,localStorage、Plugin（ plug-in unit ）,Canvas（ Render the drawing ）,WebGL（3D Rendering graphics ）,Web Vendor（ Hardware manufacturer information ）,Timezone（ The time zone ）,WebRTC（web signal communication API）,ScreenResolution（ The resolution of the ）,Platform（ System ）,Audio（ Audio settings and hardware feature fingerprints ）, as well as enumerateDevices（ Other media devices ）、CPU、GPU Information, etc. .

Like user agents 、HTML Element attributes 、Dom Object operations are all basic fingerprints .
Like graphic rendering 、 Audio fingerprint 、 Hardware fingerprints these are advanced fingerprints , It is difficult to generate or simulate .
Like browsing records 、 Access frequency and so on belong to behavioral fingerprints , It is often used to judge malicious access , Specific decision rules need to be tested .

When you browse the page , The website can track your browser fingerprint , In addition, some websites will generate devices based on fingerprint information ID Then send the behavior log .
So after you visit a website , It doesn't have cookie, But there is a unique fingerprint , Therefore, it is very easy to push advertising or behavior detection .

Check your browser fingerprint online ：

• https://www.deviceinfo.me/ （ Very detailed equipment information ）
• https://www.yalala.com/ （ A single characteristic fingerprint ）
• http://uniquemachine.org/ （ A fingerprint that combines features ）
• https://pixelscan.net/ （ Pixel scan information ）
• https://ja3er.com/ (ja3 SSL The fingerprint )
• https://iphey.com/#loc-text （ With IP Primarily digital identity ）
• http://dnscookie.com/ （NDS cookie The fingerprint ）
• https://amiunique.org/fp
• https://firstpartysimulator.net/kcarter?

chromedriver The fingerprint

Mention it chromedriver drive , Whether it's selenium perhaps puppeteer perhaps playwright, be based on chromedriver The encapsulated automation tool libraries are easily monitored by the website , So how to deal with fingerprint detection is very important for users .

For example, characteristic parameters webdriver, Launch parameters no-first-run、window-size、log-level、start-maximized、no-sandbox etc. , User characteristics user_data_dir、language, As well as some html type Webelement etc. .

Set up webdriver by flase：

broser.execute_cdp_cmd(
     "Page.addScriptToEvaluateOnNewDocument",
     {
    
         "source": """ Object.defineProperty(window, 'navigator', { value: new Proxy(navigator, { has: (target, key) => (key === 'webdriver' ? false : key in target), get: (target, key) => key === 'webdriver' ? false : typeof target[key] === 'function' ? target[key].bind(target) : target[key] }) }); """
     },
)

Specific methods can refer to undetected-chromedriver Open source library , Rich solutions are provided in the source code .

A plug-in that hides fingerprints

Canvas Fingerprint Defender hide canvas, Not applicable to the latest chrome.

AudioContext Fingerprint Defender-AudioContext Fake fingerprints .

Chameleon by sereneblue modify UA、 The resolution of the 、 Language, etc. .

Some plug-ins are no longer applicable to the new version google Of manifest_version requirement , We can also disable some fingerprints manually , such as Canvas 、WebGL, Or simply disable JavaScript, But it will affect the normal operation of the website .

Even disable JavaScript after , Some websites will also be based on the CSS Style sheets to get information .

Modify the browser of the fingerprint

So sometimes you can use a fingerprint browser to debug .

Colossus browser
AdsPower browser
Allah fish fingerprint browser
hubstudio Fingerprint browser
Onion browser

Generation of anti crawling fingerprints

At present, common anti - crawling fingerprints are

• Request fingerprint based on some algorithm （ Such as ：TLS-Ja3、 Message fingerprint ）
• Environment fingerprint generated based on some algorithm （ Such as ：fingerprint2）
• Interface call information returned based on the execution result of the server preset file （ Such as ： journal ）
• Extract the frame number information of the browser based on the browser's animation rendering of different parameters of the server

These fingerprints can generate values for verification , Whether it's verifying the request or decrypting the data . However, fingerprints are usually used in combination with other information when used for inspection , So some sites ​ It is no longer possible to effectively collect data only by heap number .

such as https://fingerprintjs.com/demo/ An example of .

Its algorithm generates a unique identifier associated with the browser information and the device , For access identification , For specific methods, please read the official documents .

canvas The fingerprint

Check online ：https://browserleaks.com/canvas

Canvas It's a kind of HTML5 API, It's like a canvas , Used by JavaScript Scripts draw graphics and animations on Web pages .

because Canvas The image content generated on different operating systems and browsers is basically different , So it can be used as a feature in browser fingerprint recognition , Used to identify .

But we need to pay attention canvas Fingerprints are not unique , So it is often combined with other fingerprints to calculate the unique identity ID.

That's in Js How to get Canvas What about fingerprints , Usually based on Canvas Draw pictures of specific content , And then use canvas.toDataURL() Method returns the content of the picture base64 Encoded string , This is often encountered when we supplement the environment .

Then, when it comes to mending , Look at its calling method and return result , Then take out. base64 Values in toDataURL() in .

document = {
    
	createElement: function createElement(x) {
    
		return canvas
	}
};

canvas = {
    
	toDataURL: function toDataURL() {
    
		return "data:image/png;base64,i.....ggg=="
	},
	getContext: function getContext(x) {
    
        if (x === "xxx") {
    
            return 
        } else {
    
            return CanvasContext 
        }
	}
};

CanvasContext = {
    
	arc: function arc() {
    },
	stroke: function stroke() {
    },
	fillText: function fillText() {
    },
	toString: function() {
    
        return "[object]"
    }
};

canvas[Symbol.toStringTag] = "HTMLCanvasElement";

Audio fingerprint

Browser audio fingerprint AudioContext Address of the test ：https://audiofingerprint.openwpm.com/

AudioContext Fingerprints are an attribute of the computer audio stack itself ,AudioContext The interface represents an audio processing diagram constructed by linked audio modules , The audio context controls the creation of the nodes it contains and the execution of audio processing or decoding .

stay FingerprintJS2 There is a code to get audio fingerprints .

Audio fingerprints can be affected by hardware , Because the audio signal processing is different , There are differences in the audio output generated by different machines or different browsers .

For example, use google Compare the browser with the wechat built-in browser , The sum of buffer values is different , This leads to the generation of hash Different values .

But it should be noted that , Under the same machine AudioContext The properties of seem to be the same , So when such tests are found , You can try to modify some audio properties .

Tool station

I added... To the tool station fingerprint2, Take a look at your browser environment .

cnlans.com/lx/tools