Nmap Development mailing list archives
Re: Nmap Project Idea | GSOC 2015 | Panopticlick | fake fingerprint
From: Jacek Wielemborek <d33tah () gmail com>
Date: Fri, 27 Feb 2015 12:21:15 +0100
W dniu 27.02.2015 o 10:29, Rohit Dua pisze:
Hello I'm Rohit from India, aspiring for gsoc-2015(Nmap). This will be my 2nd consecutive year for gsoc participation. Previous mediawiki. Project:BUB tool <http://tools.wmflabs.org/bub/> I would like to propose a project relating to fake browser fingerprinting. Panopticlick obtains browser fingerprints mainly via javascript objects(navigator, screen, window etc.) These objects are easy to fake in webkit browsers, without touching the underlying source code of browsers, eg. using *__defineGetter__() *after every*javascriptObjectCleared.* If we could compile a large dataset of possible values of js object for several popular browsers, we could use that to randomize the fingerprint for each network request. The dataset could also contain random http header values etc. I am building a python library that does somewhat similar. https://github.com/rohit-dua/selkie (*in development*) It uses pyqt for headless browsing/scraping of webpages. It is a python library that mimics different browser fingerprints by faking(randomizing) the values of navigator, screen object, headers etc. I also intend to add biometric library that mimics humans mouse movements/ keypress statistics for clicking links and surfing pages. I propose to build a similar headless bot that mimics several browsers fingerprints and could be used for anonymous scraping of data and/or adding a feature of random fingerprint in awesome tor tools. Also to improve anonymity location based datasets could be provided(*supported in the above library*) as extra/feature.(maybe downloaded fromstatcounter.com) Thanks Rohit Dua IRC:rohit-dua github: rohit-dua <https://github.com/rohit-dua/> (8ohit.dua () gmail com)
Hello, I'm not sure I understand your proposal. The way I get it, you are thinking of building a Qt interface for Nmap in order to fake javascript behavior of other browsers. If I am correct, the problem is that this involves adding a huge dependency to the scanner, so I don't think this is feasible. Other developers might have different opinions, though. The alternative would be to use an already existing browser with the aid of Selenium or PhantomJS. The problem is that - if I recall correctly - scripts that rely on third-party software don't get bundled with standard Nmap distributions. Jacek Wielemborek
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Nmap Project Idea | GSOC 2015 | Panopticlick | fake fingerprint Rohit Dua (Feb 26)
- <Possible follow-ups>
- Nmap Project Idea | GSOC 2015 | Panopticlick | fake fingerprint Rohit Dua (Feb 27)
- Re: Nmap Project Idea | GSOC 2015 | Panopticlick | fake fingerprint Jacek Wielemborek (Feb 27)
- Re: Nmap Project Idea | GSOC 2015 | Panopticlick | fake fingerprint Fyodor (Mar 03)