+ Reply to Thread
Results 1 to 13 of 13

Thread: Detecting leaks and checking for browser fingerprint

  1. #1
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581

    Detecting leaks and checking for browser fingerprint

    Multipurpose System, OS & Browser Parsers:
    https://www.browserleaks.com/
    BrowserSpy.dk
    deviceinfo.me
    doileak.com
    https://ipleak.net/
    http://www.hotcleaner.com/clickclean-app.html
    https://jeffersonscher.com/res/jstest.php (HTTP Headers, JS Browser Tests)
    https://ip-info.org/?language=en
    https://webbrowsertools.com/
    https://tenta.com/test/#advanceddnstest
    https://fingerprintjs.github.io/fingerprintjs/
    http://f.vision/ (select "advanced tests")
    https://ipx.ac/run
    https://arkenfox.github.io/TZP/tzp.html
    https://abrahamjuliot.github.io/creepjs


    Browser Fingerprint:
    https://panopticlick.eff.org/
    https://www.amiunique.org/
    https://fingerprint.pet-portal.eu/
    https://audiofingerprint.openwpm.com/ (Test AudioContext Fingerprint, Canvas, Flash & JS/CSS Fonts Fingerprint)
    https://canvasblocker.kkapsner.de/test/
    https://canvasblocker.kkapsner.de/test/test.html


    User Agent checking:
    https://whichbrowser.net/
    https://github.com/WhichBrowser/Parser
    https://jeffersonscher.com/res/jstest.php (Test JS User Agent)


    Persistent Storage
    http://www.hotcleaner.com/cleaning-software-test.html (Cookies, Local Storage, IndexedDB, WebSQL DB, FileSystem)
    http://samy.pl/evercookie/ (EverCookies)



    Proxy & VPN usage detection (also OS and User Agent faking detection)
    http://witch.valdikss.org.ru
    Explanations:
    https://medium.com/@ValdikSS/detecti...413#.94joejnd0


    Torrent IP Checkers:
    doileak.com(this one checking through UDP connections)
    ipmagnet (also check your torrent client UA)
    https://ipleak.net/


    Browser SSL/TLS Implementation
    https://www.ssllabs.com/ssltest/viewMyClient.html
    https://tls13.1d.pw/
    https://www.howsmyssl.com/
    https://cc.dcsec.uni-hannover.de/
    https://www.cloudflare.com/ssl/encrypted-sni/
    https://ciphersuite.info/
    https://cryptcheck.fr/


    HTTPS MITM Spying Detection:
    https://www.grc.com/fingerprints.htm
    https://www.grc.com/ssl/ev.htm
    See also:
    https://www.digi77.com/ssl-eye-prism-protection

    Browser vulnerabilities Tests
    a) Noopener vulnerability:
    https://mathiasbynens.github.io/rel-noopener/
    https://jamiefarrelly.github.io/Rel-NoOpener-Example/

    b) Exfil vulnerability
    https://www.mike-gualtieri.com/css-e...ability-tester

    c) General Browser audit
    https://browseraudit.com

    Browser Leaks
    a) DNS leaks
    https://www.grc.com/dns/dns.htm (and DNS spoofability)
    https://ipleak.net/#dnsleak
    https://www.dnsleaktest.com/
    DNS Leak Tests
    https://www.dns-oarc.net/oarc/services/dnsentropy
    Perfect-Privacy DNS Test

    b) MSLeak
    https://www.perfect-privacy.com/en/tests/msleaktest

    c) WebRTC
    https://www.perfect-privacy.com/en/t...ebrtc-leaktest
    https://ip.voidsec.com/
    https://www.xmyip.com/webrtc-leak-test

    Referrer Header
    https://www.darklaunch.com/tools/test-referer

    Time & Zone spoofing
    https://add0n.com/spoof-timezone.html

    Testing redirection filtering and URL parameters sanitizing
    https://github.com/tumpio/requestcon.../Testing-links
    Last edited by anon; 02.11.21 at 05:24. Reason: 2021 update
    Reply With QuoteReply With Quote
    Thanks

  2. Who Said Thanks:

    JohnareyouOK (06.11.21) , austinpowers (06.04.17) , KnowledgeMelon (28.08.16) , THC (03.06.16) , ozymandis (27.05.16) , anon (21.05.16) , Lucius (21.05.16)

  3. #2
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Renk, is there a way to deter JavaScript screen size fingerprinting in Pale Moon? I was using Firegloves, but a bug causes it to silently "forget" its settings after a few days' runtime... very nasty. And Random Agent Spoofer doesn't install at all because it requires the Australis interface.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  4. #3
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Hi Anon, sorry for this late reply. FireGloves is no more maintained (and even has disappeared from AMO). But concerning screen size fingerprinting, Tor Browser does the job. It suffice for everyday browsing to configure it in order it doesn't route web traffic through Tor:

    Code:
    network.proxy.socks_remote_dns  false
    extensions.torlauncher.start_tor   false
    ---------- Post Merged at 13:42 ---------- Previous Post was at 12:47 ----------

    Could be added to category "Multipurpose System, OS & Browser Parsers:":
    https://www.dein-ip-check.de/
    http://fonk.wz.cz/browsercheck

    And maybe 3 others category could be added:

    Email Privacy Tester:
    https://www.emailprivacytester.com/

    SpeedTest For VPN;
    http://vpnspeedtest.org/ (currently speed test is performed concerning 21 Vpn brands, but these brands are surely not the best)

    In Depth Vpn and E-mail Providers Testing and Reviews:
    https://thatoneprivacysite.net/vpn-section/
    https://thatoneprivacysite.net/email-section/
    https://vpntesting.info/ (because the most Vpn apps are leaking!
    Last edited by Renk; 06.04.17 at 13:48.
    Reply With QuoteReply With Quote
    Thanks

  5. Who Said Thanks:

    THC (09.04.17) , anon (08.04.17) , Instab (07.04.17) , Lucius (06.04.17)

  6. #4
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Hello Anon,

    I think PaleMoon is now built on a too old FF version and it will breaks more and more sites. And it will accept only too very old FF extensions, no updated for years, which is very insecure.

    So why not to switch to Basilisk? or Waterfox? On these 2, Random Agent Spoofer should work.

    The problem with the advice I gave you previously (using Tor Browser outside Tor network) is that with this config, you will appear like a singularity: Very few people I think are using a browser with same fingerprint as the Tor Browser, without being connected to Tor. This somewhat defeat the purpose of "melting in the crowd" in spoofing screen size with values such as 1920x1080, 1366x768 or 1280x720
    Reply With QuoteReply With Quote
    Thanks

  7. Who Said Thanks:

    anon (14.05.18)

  8. #5
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    For starters, I didn't even know Basilisk existed, so I shall have to check it out

    I was sticking to Pale Moon because it's supposed to be faster, but as of the latest version, I don't really see any difference anymore. The thing becomes slow over time like the official Firefox did pre-Quantum, even if simply left running in the background, and I don't even have a lot of tabs open. Version 3.6.32 is super fast, but too old for anything other than the simplest sites.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  9. #6
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    The list I provided should now be a bit updated, particularly in the "Multipurpose System, OS & Browser Parsers" section.

    My former post is no more editable, so I suggest:

    1) To add To Multipurpose System, OS & Browser Parsers:
    https://webbrowsertools.com/
    https://tenta.com/test/#advanceddnstest
    https://fingerprintjs.github.io/fingerprintjs/
    http://f.vision/ (select "advanced tests")
    https://ipx.ac/run
    https://arkenfox.github.io/TZP/tzp.html


    2) To create a Browser vulnerabilities Tests section with the following subsections:
    a) Noopener vulnerability:
    https://mathiasbynens.github.io/rel-noopener/
    https://jamiefarrelly.github.io/Rel-NoOpener-Example/

    b) Exfil vulnerability
    https://www.mike-gualtieri.com/css-e...ability-tester

    c) General Browser audit
    https://browseraudit.com


    3) To create a section "Browser Leaks", which "DNS leacks" would be one of a subsection, with a new subsection named "MSLeak", :
    https://www.perfect-privacy.com/en/tests/msleaktest

    and new subsection named "Webrtc Leak" with the usual tests sites (doileak, ipleak, browserleaks.com/webrtc) and:
    https://www.perfect-privacy.com/en/t...ebrtc-leaktest
    https://ip.voidsec.com/
    https://www.xmyip.com/webrtc-leak-test


    4) To add to the "Browser fingerprint" section the following sites (Kkapsner is the dev of the excellent FF addon "CanvasBlocker"):
    https://canvasblocker.kkapsner.de/test/
    https://canvasblocker.kkapsner.de/test/test.html

    5) To add a specific "Referrer Header" section with site such as
    https://www.darklaunch.com/tools/test-referer
    (this site being the most extensive I have found on this subject)



    Edit:

    6) Time&Zone spoofing: For those using vpn/proxy and accordingly using addons (Chameleon to that) for faking their OS Time and Zone, the most extensive test I have found on this subject is:
    https://add0n.com/spoof-timezone.html
    Last edited by Renk; 16.12.20 at 00:54.
    Primo Avulso Non Deficit Alter
    Reply With QuoteReply With Quote
    Thanks

  10. Who Said Thanks:

    (18.01.22) , anon (16.12.20) , sigduwksnsksis9283 (15.12.20)

  11. #7
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Applied all changes; also added a lot of stuff under "Browser SSL/TLS Implementation" which only had a single entry. I will run these tests as soon as I have some time, most of them are new to me.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  12. #8
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Quote Originally Posted by anon View Post
    Applied all changes; also added a lot of stuff under "Browser SSL/TLS Implementation" which only had a single entry. I will run these tests as soon as I have some time, most of them are new to me.
    Thanks.

    I have found an other interesting test link:

    7) Testing redirection filtering and URL parameters sanitizing
    https://github.com/tumpio/requestcon.../Testing-links

    I have a couple other useful links, I just need to find where I saved them
    Last edited by Renk; 16.12.20 at 05:58.
    Primo Avulso Non Deficit Alter
    Reply With QuoteReply With Quote
    Thanks

  13. #9
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Quote Originally Posted by Renk View Post
    I have a couple other useful links, I just need to find where I saved them
    Well, from now on they'll be saved in this thread
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  14. #10
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Here is a test site I found recently.

    https://abrahamjuliot.github.io/creepjs/

    Its purpose is to analyze your browser fingerprint, and to detect what is wrong. It mainly focuses on the following browser fingerprint obfuscating/spoofing tools:

    Tor Browser (SL 1 & 2)
    Firefox (RFP)
    ungoogled-chromium (fingerprint deception)
    Brave Browser (Standard/Strict)
    puppeteer-extra
    Bromite
    uBlock Origin (aopr)
    NoScript
    DuckDuckGo Privacy Essentials
    Privacy Badger
    Privacy Possom
    Random User-Agent
    User Agent Switcher and Manager
    CanvasBlocker
    Trace
    CyDec
    Chameleon
    ScriptSafe
    Windscribe
    For what I understand, my main purpose being not to be tracked from one browsing session to an other, the most important result (at least for me) displayed by this site concerns the detection of your previous connections to the site(visits). Unlike sites like "AmIUnique" or "CoverYourTracks" (previously "panopticlick"), the less Creepjs detects the number of times you previously visited it, the better.

    And guess what, this site make you humble, as even the last TorBrowser (with security level "safer") can be tracked by this site. And its really the TB running on my system which is effectively tracked, not the generic TB: When I use a TB from a VM, the number of visits are not the same, and neither are the fingerprint of the various analyzed elements.

    In customizing a little more one already heavily customized FF Browser, I finally succeeded in non being traced cross session, but at the price of being detected by Creepjs as a really big bad liar.



    Quote Originally Posted by anon View Post
    Well, from now on they'll be saved in this thread
    I have to admit that this is one of the reasons (not the sole, because I'm not entirely selfish) why I opened this thread
    Last edited by Renk; 01.10.21 at 17:23.
    Primo Avulso Non Deficit Alter
    Reply With QuoteReply With Quote
    Thanks

  15. Who Said Thanks:

    anon (02.10.21) , Instab (01.10.21)

  16. #11
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Quote Originally Posted by Renk View Post
    I have to admit that this is one of the reasons (not the sole, because I'm not entirely selfish) why I opened this thread
    I use this forum as a public pastebin a lot. A lot of my posts may make more sense if seen in that light

    Anyway, I'll check out CreepJS soon, but right now... let's say time really is the world's most valuable currency.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  17. #12
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    In my first list, under "Multipurpose System, OS & Browser Parsers", the link I gave, named "Device Fingerprint", no more works(*). I think it should be replaced by deviceinfo.me (the one JohnareyouOK gave previously in an other thread).

    Moreover, I think that abrahamjuliot.github.io/creepjs really deserves to join this same list, next to TZP

    Enfin, after many tests recently performed, I found that in case of DNS leakages, Perfect-Privacy Dns test consistently finds better these leakages than ipleak.net, so that I think it could be added to the list, under Browser Leaks/Dns Leaks.

    (*) BTW, ip-check.info no more works either, but for this one there may be hope (at least I hope there is still some hope).
    Last edited by Renk; 31.10.21 at 00:26.
    Primo Avulso Non Deficit Alter
    Reply With QuoteReply With Quote
    Thanks

  18. Who Said Thanks:

    anon (02.11.21)

  19. #13
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Everything updated.

    Quote Originally Posted by Renk View Post
    > (*) BTW, ip-check.info no more works either, but for this one there may be hope (at least I hope there is still some hope).
    Well, I removed it. If they're down permanently, that's unfortunate; it was a good and quick way to check the most important variables, if one excused its blatant (but understandable) promotion of JonDo Browser, and one I visited often. Otherwise, we can always readd it later.

    It even inspired me to create my first and only Firefox addon so far, which blocked cache tracking at a time when there weren't any solutions (SafeCache was long broken). It was horribly written - you had to enable proxies and leave all text fields empty for requests to be intercepted - but it worked!
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

+ Reply to Thread

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •