Nmap Development mailing list archives

Nmap Project Idea | GSOC 2015 | Panopticlick | fake fingerprint


From: Rohit Dua <8ohit.dua () gmail com>
Date: Fri, 27 Feb 2015 14:59:19 +0530

Hello

I'm Rohit from India, aspiring for GSoC 2015 (Nmap). This will be my 2nd
consecutive year of GSoC participation. Previously MediaWiki. Project: BUB
tool <http://tools.wmflabs.org/bub/>

I would like to propose a project relating to fake browser fingerprinting.

Panopticlick obtains browser fingerprints mainly via JavaScript
objects (navigator, screen, window etc.). These objects are easy to fake in
WebKit browsers, without touching the underlying source code of browsers,
e.g. using *__defineGetter__()* after every *javascriptObjectCleared*.

If we could compile a large dataset of possible values of JS objects for
several popular browsers, we could use that to randomize the fingerprint
for each network request.

The dataset could also contain random HTTP header values etc.

I am building a Python library that does something similar:
https://github.com/rohit-dua/selkie (*in development*). It uses PyQt for
headless browsing/scraping of webpages. It is a Python library that mimics
different browser fingerprints by faking (randomizing) the values of the
navigator and screen objects, headers etc. I also intend to add a biometric
library that mimics human mouse movements/keypress statistics for
clicking links and surfing pages.

I propose to build a similar headless bot that mimics several browsers'
fingerprints and could be used for anonymous scraping of data and/or adding
a feature of random fingerprints in awesome Tor tools. Also, to improve
anonymity, location-based datasets could be provided (*supported in the above
library*) as an extra feature (maybe downloaded from statcounter.com).

Thanks

Rohit Dua

IRC:rohit-dua

github: rohit-dua <https://github.com/rohit-dua/>

(8ohit.dua () gmail com)
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
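
Added example (not part of the original post and not code from selkie): how an instance-level `__defineGetter__` override of the kind the post mentions looks from the fingerprinting script's side, where it shows up as an own property shadowing the prototype accessor. It assumes attributes live as accessors on the prototype, which may not hold for every engine; `MockNavigator` and `findOverriddenAttributes` are constructed names so the check runs under Node.

```javascript
// Constructed stand-in for a browser Navigator: attributes are accessors on
// the prototype, not on the instance (assumption stated in the lead-in).
class MockNavigator {
  get userAgent() { return "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0"; }
  get platform() { return "Linux x86_64"; }
  get language() { return "en-US"; }
}

// Hypothetical helper: list attributes whose value no longer comes straight
// from the prototype accessor.
function findOverriddenAttributes(obj, names) {
  const proto = Object.getPrototypeOf(obj);
  const findings = [];
  for (const name of names) {
    const own = Object.getOwnPropertyDescriptor(obj, name);
    const inherited = Object.getOwnPropertyDescriptor(proto, name);
    const hasGetter = Boolean(inherited && typeof inherited.get === "function");
    if (own) {
      findings.push({
        name,
        reason: "own property shadows the prototype accessor",
        reported: obj[name],
        underlying: hasGetter ? inherited.get.call(obj) : undefined,
      });
    } else if (!hasGetter) {
      findings.push({ name, reason: "prototype accessor missing or replaced",
                      reported: obj[name], underlying: undefined });
    }
  }
  return findings;
}

function demo() {
  const names = ["userAgent", "platform", "language"];
  const clean = new MockNavigator();
  const spoofed = new MockNavigator();
  // The override named in the post, applied to the mock object.
  spoofed.__defineGetter__("userAgent", () => "Mozilla/5.0 (Windows NT 6.1) Spoofed/9.9");
  return {
    clean: findOverriddenAttributes(clean, names),
    spoofed: findOverriddenAttributes(spoofed, names),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The check covers instance-level overrides only; a getter swapped on the prototype itself needs a separate test.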
