3

Some websites have JavaScripts which are used for browser fingerprinting. I know these type of scripts check and send data back to server like: browser user agent, screen resolution, fonts list and etc. So my question would be: is it possible to inspect these scripts from client side? If yes, how?

Improve this question
2
  • i wrote this to bust <canvas> fingerprinting, one newer and particularly powerful method used by some: danml.com/notrack browse code:jsfiddle.net/976fuyyh Commented Dec 16, 2014 at 1:05
  • Thanks. Canvas is not a problem, theres a handful of plugins to fight that type of fingerprinting. Apart from canvas there are many more things which builds bits of entropy. I'm looking to identify exact JS scripts website is running to fingerprint users/browsers/devices Commented Dec 16, 2014 at 1:13

2 Answers 2

Reset to default
1

you can list all the scripts used by newer browsers thanks to performance.getEntries(): 

var scripts=[].slice.call(performance.getEntries()) .map(function(a){return a.initiatorType==="script" && a.name; }) .filter(Boolean); alert(scripts); /* on this page in console: ["http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "http://cdn.sstatic.net/Js/stub.en.js?v=aa4bf2e33f9d", "http://cdn.sstatic.net/Js/full.en.js?v=207a95000ab6", "http://cdn.sstatic.net/Js/snippet-javascript.en.js?v=3a04bf1d3cc0", "http://cdn.sstatic.net/Js/post-validation.en.js?v=59400b6b717e", "http://cdn-prom.sstatic.net/WinterBash/js/core.js?2", "http://cdn.sstatic.net/Js/external-editor.en.js?v=49dac339584c", "http://winterbash2014.stackexchange.com/api/is-participating?callback=wbParticipating2682405&accountId=2682405&host=stackoverflow.com&_=1418692483862", "http://cdn.sstatic.net/Js/wmd.en.js?v=988f5766f506"] */

if you know of any bad-behaving filenames, you can detect and counteract them, or feed the list of urls to something that can fetch and scan the script contents themselves; not sure what your end-goal is here...

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Sorry for newbie question but where and how should I run the code provided by you? The end goal is to identify what type of JS website is using to identify users so I can create a work around for it.
@Born: this is the first step of that process; identifying what scripts the page is actually running (from JS).
1

Yes, it is possible to inspect any script on any website with the right debugging tools and time to sort through things.

For any given web site, you can run a debugger like the Chrome debugger, open the network tab and see all network requests that the browser makes. You would then have to sort through those requests to see which ones contained the information you are looking for. If you then wanted to find the scripts responsible for those requests, you'd have to work backwards in analyzing the site and scripts to figure out which script contains the code making the request.

I am not aware of any automated way to detect exactly which requests contain the information you want. Tools like Disconnect.me automatically shield your browser from some common tracking techniques of some common services, but that tool can also cause problems on some sites where the site won't then work properly.

Improve this answer

1 Comment

What about something like Object.defineProperty(window, "navigator", {get: function() { console.trace(); debugger; }}) to log all accesses?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.