A List of 20+ Fingerprinting Demos and Tests
~4 min read | Published on 2022-09-29, tagged General-News using 839 words.
Are you leaking potentially identifying information? Use these tools to find out. Many demonstrations are basically forms of entertainment (gimmicks - think of those sites that “locate” you based on your “unprotected” I.P. address).
Some of these are demonstrations of novel POCs. There are ecommerce sites that employ some of the novel techniques here, such as FingerprintJS.
A fair warning: some of these demonstrations will likely use your data. Perhaps for research. Perhaps to improve their corporate offerings. Tor Browser with the slider to the max will prevent many of these demos from working.My Favorites
TorZillaPrint - arkenfox.github.io
TorZillaPrint (TZP) aims to provide a comprehensive, all-in-one, fingerprinting test suite, nicely broken into suitable sections with relevant information together. Long term, the goal is to collect Gecko only fingerprint data (no PII) for analysis to see how many classifications each metric or section provides.
No-JS fingerprinting - noscriptfingerprint.com, source: github.com/fingerprintjs
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
CSS Fingerprint - csstracking.dev, source: github
CSS Fingerprinting is a technique of tracking and gathering information on site visitors. This method exploits the nature of CSS to collect various characteristics about the visitor’s browser and device, which can later be used to either identify or track said visitor.
CreepJS - abrahamjuliot.github.io
Creepy device and browser fingerprinting
Others
AudioContext Fingerprint - audiofingerprint.openwpm.com
This page tests browser-fingerprinting using the AudioContext and Canvas API. Using the AudioContext API to fingerprint does not collect sound played or recorded by your machine - an AudioContext fingerprint is a property of your machine’s audio stack itself.
Available Fonts - orleika.github.io, source: github
Getting available fonts on browser without flash
Browser Fingerprinting - niespodd.github.io
BrowserLeaks - browserleaks.com
BrowserLeaks is all about browsing privacy and web browser fingerprinting. Here you will find a gallery of web technologies security testing tools that will show you what kind of personal identity data can be leaked, and how to protect yourself from this.
Canvas Test - canvasblocker.kkapsner.de
CSS Exfil Vulnerability Tester - mike-gualtieri.com
This page tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage.
Device Info - deviceinfo.me
Device Info is a web browser security testing, privacy testing, and troubleshooting tool.
DNS Cookie Demonstration - dnscookie.com
DNS cookies use DNS caches as a side-channel to identify related network flows.
EFF: Cover Your Tracks - coveryourtracks.eff.org
This is an EFF project that allows you to understand how easy it is to identify and track your browser based on how it appears to websites.
Epic Tracker - epictracker.vercel.app
A demo of how can I track you using fingerprinting and some automated lookups and stuff, using modern Javascript APIs
Extension Fingerprints - z0ccc.github.io
Chrome extensions can be detected by fetching their web accessible resources. These are files inside an extension that can be accessed by web pages. The detected extensions can be used to track you through browser fingerprinting.
This website scans over 1000 extensions and shows you the percentage of users that share the same extensions.
Firefox Addon Detector - thehackerblog.com
Tracking 400+ Firefox Addons through chrome:// URI trickery!
Iphey - iphey.com
Mouse Wheel Tracking - jcarlosnorte.com
Nothing Private - nothingprivate.ml
This project is a proof of concept that any website can identify and track you, even if you are using private browsing or incognito mode in your web browser. Many people think that they can hide their identity if they are using private browsing or incognito mode. This project will prove that they are wrong.
PicassAuth - plaperdr.github.io
Canvas fingerprinting
Pixelscan - pixelscan.net
Good, basically a bot check
Privacy Check - privacycheck.sec.lrz.de
This website aims to focus on each fingerprinting technique in detail. It also presents the information and demonstrations in a way that is easy to understand, rather than giving a broad undescribed overview.
“scheme flooding” - schemeflood.com, source: github, article
The vulnerability uses information about installed apps on your computer to assign you a permanent unique identifier even if you switch browsers, use incognito mode, or use a VPN.
SuperCookie - demo.supercookie.me
Supercookie uses favicons to assign a unique identifier to website visitors.
Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user.
The tracking method works even in the browser’s incognito mode and is not cleared by flushing the cache, closing the browser or restarting the operating system, using a VPN or installing AdBlockers.
Webgl Fingerprinting - webbrowsertools.com
This page uses different techniques to recognize whether a browser extension is installed to spoof the webgl fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the canvas image (which is rendered in the GPU) and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the webgl result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the webgl identity and uses a different approach to identify the browser session.
Zardaxt.py - tcpip.incolumitas.com, github, article
TCP/IP Fingerprinting for VPN and Proxy Detection
Some of these are demonstrations of novel POCs. There are ecommerce sites that employ some of the novel techniques here, such as FingerprintJS.
A fair warning: some of these demonstrations will likely use your data. Perhaps for research. Perhaps to improve their corporate offerings. Tor Browser with the slider to the max will prevent many of these demos from working.My Favorites
TorZillaPrint - arkenfox.github.io
TorZillaPrint (TZP) aims to provide a comprehensive, all-in-one, fingerprinting test suite, nicely broken into suitable sections with relevant information together. Long term, the goal is to collect Gecko only fingerprint data (no PII) for analysis to see how many classifications each metric or section provides.
No-JS fingerprinting - noscriptfingerprint.com, source: github.com/fingerprintjs
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
CSS Fingerprint - csstracking.dev, source: github
CSS Fingerprinting is a technique of tracking and gathering information on site visitors. This method exploits the nature of CSS to collect various characteristics about the visitor’s browser and device, which can later be used to either identify or track said visitor.
CSS fingerprinting demo
CreepJS - abrahamjuliot.github.io
Creepy device and browser fingerprinting
Linux and TBB smh
Others
AudioContext Fingerprint - audiofingerprint.openwpm.com
This page tests browser-fingerprinting using the AudioContext and Canvas API. Using the AudioContext API to fingerprint does not collect sound played or recorded by your machine - an AudioContext fingerprint is a property of your machine’s audio stack itself.
Available Fonts - orleika.github.io, source: github
Getting available fonts on browser without flash
Browser Fingerprinting - niespodd.github.io
BrowserLeaks - browserleaks.com
BrowserLeaks is all about browsing privacy and web browser fingerprinting. Here you will find a gallery of web technologies security testing tools that will show you what kind of personal identity data can be leaked, and how to protect yourself from this.
Canvas Test - canvasblocker.kkapsner.de
CSS Exfil Vulnerability Tester - mike-gualtieri.com
This page tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage.
Device Info - deviceinfo.me
Device Info is a web browser security testing, privacy testing, and troubleshooting tool.
DNS Cookie Demonstration - dnscookie.com
DNS cookies use DNS caches as a side-channel to identify related network flows.
EFF: Cover Your Tracks - coveryourtracks.eff.org
This is an EFF project that allows you to understand how easy it is to identify and track your browser based on how it appears to websites.
Epic Tracker - epictracker.vercel.app
A demo of how can I track you using fingerprinting and some automated lookups and stuff, using modern Javascript APIs
Extension Fingerprints - z0ccc.github.io
Chrome extensions can be detected by fetching their web accessible resources. These are files inside an extension that can be accessed by web pages. The detected extensions can be used to track you through browser fingerprinting.
This website scans over 1000 extensions and shows you the percentage of users that share the same extensions.
Firefox Addon Detector - thehackerblog.com
Tracking 400+ Firefox Addons through chrome:// URI trickery!
Iphey - iphey.com
Mouse Wheel Tracking - jcarlosnorte.com
Nothing Private - nothingprivate.ml
This project is a proof of concept that any website can identify and track you, even if you are using private browsing or incognito mode in your web browser. Many people think that they can hide their identity if they are using private browsing or incognito mode. This project will prove that they are wrong.
PicassAuth - plaperdr.github.io
Canvas fingerprinting
Pixelscan - pixelscan.net
Good, basically a bot check
Privacy Check - privacycheck.sec.lrz.de
This website aims to focus on each fingerprinting technique in detail. It also presents the information and demonstrations in a way that is easy to understand, rather than giving a broad undescribed overview.
“scheme flooding” - schemeflood.com, source: github, article
The vulnerability uses information about installed apps on your computer to assign you a permanent unique identifier even if you switch browsers, use incognito mode, or use a VPN.
SuperCookie - demo.supercookie.me
Supercookie uses favicons to assign a unique identifier to website visitors.
Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user.
The tracking method works even in the browser’s incognito mode and is not cleared by flushing the cache, closing the browser or restarting the operating system, using a VPN or installing AdBlockers.
Webgl Fingerprinting - webbrowsertools.com
This page uses different techniques to recognize whether a browser extension is installed to spoof the webgl fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the canvas image (which is rendered in the GPU) and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the webgl result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the webgl identity and uses a different approach to identify the browser session.
Zardaxt.py - tcpip.incolumitas.com, github, article
TCP/IP Fingerprinting for VPN and Proxy Detection
