Detecting leaks and checking for browser fingerprint

**Renk** · 21.05.16, 05:09

Multipurpose System, OS & Browser Parsers:
https://www.browserleaks.com/
BrowserSpy.dk
deviceinfo.me
doileak.com
https://ipleak.net/
http://www.hotcleaner.com/clickclean-app.html
https://jeffersonscher.com/res/jstest.php (HTTP Headers, JS Browser Tests)
https://ip-info.org/?language=en
https://webbrowsertools.com/
https://tenta.com/test/#advanceddnstest
https://fingerprintjs.github.io/fingerprintjs/
http://f.vision/ (select "advanced tests")
https://ipx.ac/run
https://arkenfox.github.io/TZP/tzp.html
https://abrahamjuliot.github.io/creepjs

Browser Fingerprint:
https://panopticlick.eff.org/
https://www.amiunique.org/
https://fingerprint.pet-portal.eu/
https://audiofingerprint.openwpm.com/ (Test AudioContext Fingerprint, Canvas, Flash & JS/CSS Fonts Fingerprint)
https://canvasblocker.kkapsner.de/test/
https://canvasblocker.kkapsner.de/test/test.html

User Agent checking:
https://whichbrowser.net/
https://github.com/WhichBrowser/Parser
https://jeffersonscher.com/res/jstest.php (Test JS User Agent)

Persistent Storage
http://www.hotcleaner.com/cleaning-software-test.html (Cookies, Local Storage, IndexedDB, WebSQL DB, FileSystem)
http://samy.pl/evercookie/ (EverCookies)

Proxy & VPN usage detection (also OS and User Agent faking detection)
http://witch.valdikss.org.ru
Explanations:
https://medium.com/@ValdikSS/detecti...413#.94joejnd0

Torrent IP Checkers:
doileak.com(this one checking through UDP connections)
ipmagnet (also check your torrent client UA)
https://ipleak.net/

Browser SSL/TLS Implementation
https://www.ssllabs.com/ssltest/viewMyClient.html
https://tls13.1d.pw/
https://www.howsmyssl.com/
https://cc.dcsec.uni-hannover.de/
https://www.cloudflare.com/ssl/encrypted-sni/
https://ciphersuite.info/
https://cryptcheck.fr/

HTTPS MITM Spying Detection:
https://www.grc.com/fingerprints.htm
https://www.grc.com/ssl/ev.htm
See also:
https://www.digi77.com/ssl-eye-prism-protection

Browser vulnerabilities Tests
a) Noopener vulnerability:
https://mathiasbynens.github.io/rel-noopener/
https://jamiefarrelly.github.io/Rel-NoOpener-Example/

b) Exfil vulnerability
https://www.mike-gualtieri.com/css-e...ability-tester

c) General Browser audit
https://browseraudit.com

Browser Leaks
a) DNS leaks
https://www.grc.com/dns/dns.htm (and DNS spoofability)
https://ipleak.net/#dnsleak
https://www.dnsleaktest.com/
DNS Leak Tests
https://www.dns-oarc.net/oarc/services/dnsentropy
Perfect-Privacy DNS Test

b) MSLeak
https://www.perfect-privacy.com/en/tests/msleaktest

c) WebRTC
https://www.perfect-privacy.com/en/t...ebrtc-leaktest
https://ip.voidsec.com/
https://www.xmyip.com/webrtc-leak-test

Referrer Header
https://www.darklaunch.com/tools/test-referer

Time & Zone spoofing
https://add0n.com/spoof-timezone.html

Testing redirection filtering and URL parameters sanitizing
https://github.com/tumpio/requestcon.../Testing-links

**anon** · 26.06.16, 20:18

Renk, is there a way to deter JavaScript screen size fingerprinting in Pale Moon? I was using Firegloves, but a bug causes it to silently "forget" its settings after a few days' runtime... very nasty. And Random Agent Spoofer doesn't install at all because it requires the Australis interface.

**Renk** · 06.04.17, 14:42

Hi Anon, sorry for this late reply. FireGloves is no more maintained (and even has disappeared from AMO). But concerning screen size fingerprinting, Tor Browser does the job. It suffice for everyday browsing to configure it in order it doesn't route web traffic through Tor:

Code:

network.proxy.socks_remote_dns  false
extensions.torlauncher.start_tor   false

---------- Post Merged at 13:42 ---------- Previous Post was at 12:47 ----------

Could be added to category "Multipurpose System, OS & Browser Parsers:":
https://www.dein-ip-check.de/
http://fonk.wz.cz/browsercheck

And maybe 3 others category could be added:

Email Privacy Tester:
https://www.emailprivacytester.com/

SpeedTest For VPN;
http://vpnspeedtest.org/ (currently speed test is performed concerning 21 Vpn brands, but these brands are surely not the best)

In Depth Vpn and E-mail Providers Testing and Reviews:
https://thatoneprivacysite.net/vpn-section/
https://thatoneprivacysite.net/email-section/
https://vpntesting.info/ (because the most Vpn apps are leaking!

**Renk** · 13.05.18, 22:36

Hello Anon,

I think PaleMoon is now built on a too old FF version and it will breaks more and more sites. And it will accept only too very old FF extensions, no updated for years, which is very insecure.

So why not to switch to Basilisk? or Waterfox? On these 2, Random Agent Spoofer should work.

The problem with the advice I gave you previously (using Tor Browser outside Tor network) is that with this config, you will appear like a singularity: Very few people I think are using a browser with same fingerprint as the Tor Browser, without being connected to Tor. This somewhat defeat the purpose of "melting in the crowd" in spoofing screen size with values such as 1920x1080, 1366x768 or 1280x720

**anon** · 14.05.18, 14:50

For starters, I didn't even know Basilisk existed, so I shall have to check it out

I was sticking to Pale Moon because it's supposed to be faster, but as of the latest version, I don't really see any difference anymore. The thing becomes slow over time like the official Firefox did pre-Quantum, even if simply left running in the background, and I don't even have a lot of tabs open. Version 3.6.32 is super fast, but too old for anything other than the simplest sites.

**Renk** · 15.12.20, 21:37

The list I provided should now be a bit updated, particularly in the "Multipurpose System, OS & Browser Parsers" section.

My former post is no more editable, so I suggest:

1) To add To Multipurpose System, OS & Browser Parsers:
https://webbrowsertools.com/
https://tenta.com/test/#advanceddnstest
https://fingerprintjs.github.io/fingerprintjs/
http://f.vision/ (select "advanced tests")
https://ipx.ac/run
https://arkenfox.github.io/TZP/tzp.html

2) To create a Browser vulnerabilities Tests section with the following subsections:
a) Noopener vulnerability:
https://mathiasbynens.github.io/rel-noopener/
https://jamiefarrelly.github.io/Rel-NoOpener-Example/

b) Exfil vulnerability
https://www.mike-gualtieri.com/css-e...ability-tester

c) General Browser audit
https://browseraudit.com

3) To create a section "Browser Leaks", which "DNS leacks" would be one of a subsection, with a new subsection named "MSLeak", :
https://www.perfect-privacy.com/en/tests/msleaktest

and new subsection named "Webrtc Leak" with the usual tests sites (doileak, ipleak, browserleaks.com/webrtc) and:
https://www.perfect-privacy.com/en/t...ebrtc-leaktest
https://ip.voidsec.com/
https://www.xmyip.com/webrtc-leak-test

4) To add to the "Browser fingerprint" section the following sites (Kkapsner is the dev of the excellent FF addon "CanvasBlocker"):
https://canvasblocker.kkapsner.de/test/
https://canvasblocker.kkapsner.de/test/test.html

5) To add a specific "Referrer Header" section with site such as
https://www.darklaunch.com/tools/test-referer
(this site being the most extensive I have found on this subject)

Edit:

6) Time&Zone spoofing: For those using vpn/proxy and accordingly using addons (Chameleon to that) for faking their OS Time and Zone, the most extensive test I have found on this subject is:
https://add0n.com/spoof-timezone.html

**anon** · 16.12.20, 02:19

Applied all changes; also added a lot of stuff under "Browser SSL/TLS Implementation" which only had a single entry. I will run these tests as soon as I have some time, most of them are new to me.

**Renk** · 16.12.20, 05:58

Originally Posted by anon

Applied all changes; also added a lot of stuff under "Browser SSL/TLS Implementation" which only had a single entry. I will run these tests as soon as I have some time, most of them are new to me.

Thanks.

I have found an other interesting test link:

7) Testing redirection filtering and URL parameters sanitizing
https://github.com/tumpio/requestcon.../Testing-links

I have a couple other useful links, I just need to find where I saved them

**anon** · 16.12.20, 18:21

Originally Posted by Renk

I have a couple other useful links, I just need to find where I saved them

Well, from now on they'll be saved in this thread

**Renk** · 01.10.21, 16:24

Here is a test site I found recently.

https://abrahamjuliot.github.io/creepjs/

Its purpose is to analyze your browser fingerprint, and to detect what is wrong. It mainly focuses on the following browser fingerprint obfuscating/spoofing tools:

Tor Browser (SL 1 & 2)
Firefox (RFP)
ungoogled-chromium (fingerprint deception)
Brave Browser (Standard/Strict)
puppeteer-extra
Bromite
uBlock Origin (aopr)
NoScript
DuckDuckGo Privacy Essentials
Privacy Badger
Privacy Possom
Random User-Agent
User Agent Switcher and Manager
CanvasBlocker
Trace
CyDec
Chameleon
ScriptSafe
Windscribe

For what I understand, my main purpose being not to be tracked from one browsing session to an other, the most important result (at least for me) displayed by this site concerns the detection of your previous connections to the site(visits). Unlike sites like "AmIUnique" or "CoverYourTracks" (previously "panopticlick"), the less Creepjs detects the number of times you previously visited it, the better.

And guess what, this site make you humble, as even the last TorBrowser (with security level "safer") can be tracked by this site. And its really the TB running on my system which is effectively tracked, not the generic TB: When I use a TB from a VM, the number of visits are not the same, and neither are the fingerprint of the various analyzed elements.

In customizing a little more one already heavily customized FF Browser, I finally succeeded in non being traced cross session, but at the price of being detected by Creepjs as a really big bad liar.

Originally Posted by anon

Well, from now on they'll be saved in this thread

I have to admit that this is one of the reasons (not the sole, because I'm not entirely selfish) why I opened this thread

**anon** · 02.10.21, 06:21

Originally Posted by Renk

I have to admit that this is one of the reasons (not the sole, because I'm not entirely selfish) why I opened this thread

I use this forum as a public pastebin a lot. A lot of my posts may make more sense if seen in that light

Anyway, I'll check out CreepJS soon, but right now... let's say time really is the world's most valuable currency.

**Renk** · 31.10.21, 00:24

In my first list, under "Multipurpose System, OS & Browser Parsers", the link I gave, named "Device Fingerprint", no more works(*). I think it should be replaced by deviceinfo.me (the one JohnareyouOK gave previously in an other thread).

Moreover, I think that abrahamjuliot.github.io/creepjs really deserves to join this same list, next to TZP

Enfin, after many tests recently performed, I found that in case of DNS leakages, Perfect-Privacy Dns test consistently finds better these leakages than ipleak.net, so that I think it could be added to the list, under Browser Leaks/Dns Leaks.

(*) BTW, ip-check.info no more works either, but for this one there may be hope (at least I hope there is still some hope).

**anon** · 02.11.21, 05:31

Everything updated.

Originally Posted by Renk

> (*) BTW, ip-check.info no more works either, but for this one there may be hope (at least I hope there is still some hope).

Well, I removed it. If they're down permanently, that's unfortunate; it was a good and quick way to check the most important variables, if one excused its blatant (but understandable) promotion of JonDo Browser, and one I visited often. Otherwise, we can always readd it later.

It even inspired me to create my first and only Firefox addon so far, which blocked cache tracking at a time when there weren't any solutions (SafeCache was long broken). It was horribly written - you had to enable proxies and leave all text fields empty for requests to be intercepted - but it worked!