BROWSER FINGERPRINTING

In this post, I am going to introduce Browser Fingerprinting and I will also demonstrate on how theBrowser Autopwn exploit works. To introduce you first, that over the time, the privacy on the internet has become the prime concern of the users. So in how many ways you think you are carrying this privacy? Or that your activities aren’t being tracked on the web? It’s by-far very true that disabling cookies or using private browsing keeps you from being uniquely identified. But to bring it to your notice, lol! you can still be uniquely pointed out. Wondering how?

“Its more like, hey dude! I don’t even need your damn IP and cookies to find you out.”

Actually, the modern web browsers that we use, send too much of small bits of information to the websites such as the screen size, colour schemes, detailed browser version, fonts installed, the order in which they are installed, font size, OS information and a whole bunch of similar info. So, these innocent looking information in bits, figure out the unique users on their website. Though this has been raised as an issue by most security researchers, still this technique is being used by some bank and credit card companies to identify if its a legitimate user or not. They call this technique, Client-less Device Identification.

So far so good, I will now show you how browser fingerprinting has been used by attackers for getting into the victim’s computer probably making use of social engineering as well.

Let’s assume that the victim has been using some older versions of the browser (might be IE6,7 or Firefox 4 and so on). The attacker uses the exploit to generate a random URL which serves as the lethal weapon against the victim. All the attacker has to do, is convince or persuade the victim to go to that URL, which might involve something of social engineering. The attacker can as well publish that URL on the web and wait for some connection. As soon as a user, which hereby becomes the victim, goes to that URL, he/she sees a loading notification and on the other end, the attacker can see a session that gets created. His job done. Thereby he exclaims, “WHOOPIE!”. Now he has the complete unbound access of the victim’s computer.

To show you the demo snaps, I opened up Metasploit Framework console, used the browser_autopwnexploit as shown:

Type ‘show options‘ to get the list of default options to use the exploit. LHOST must be the IP address of the attacker. SRVPORT is the port to listen on. I used port 80. URIPATH can be anything. After setting up the option, fire the exploit by typing ‘exploit‘. Check the snap below:

As soon as we type ‘exploit‘, the exploit starts the server, generates random URLs and starts listening at port 80. The URL that’s listed at the end would be like ‘http://192.168.244.1/abhimanyu‘ ( This acts as what we call ‘payload’). The moment the user goes to the URL on his computer, that has been generated on the attacker’s side, exactly the same thing happens as I explained before the demo, eventually creating a session.

So this works out very fine and think over how Browser Fingerprinting plays its role. Note that, the attacker doesn’t even know the victim’s IP initially, even though the attacker successfully creates the session using the exploit.

Disclaimer: This is for educational purpose and to make you aware of the scenarios of various different security breaches. The administrator or the authors of prohackersden will not be responsible for any misuse of this post.