Home Sign Up Sign In
bagheer

利用第三方协议漏洞实现跨浏览器跟踪用户(主流浏览器甚至 Tor)

  •   
  •   bagheer · May 14, 2021 · 2904 views
    This topic created in 1830 days ago, the information mentioned may be changed or developed.
    FingerprintJS 发现一个利用第三方应用协议的跨浏览器漏洞,可以跟踪
    Chrome 90 (Windows 10, macOS Big Sur)
    Firefox 88.0.1 (Ubuntu 20.04, Windows 10, macOS Big Sur)
    Safari 14.1 (macOS Big Sur)
    Tor Browser 10.0.16 (Ubuntu 20.04, Windows 10, macOS Big Sur)
    Brave 1.24.84 (Windows 10, macOS Big Sur)
    Yandex Browser 21.3.0 (Windows 10, macOS Big Sur)
    Microsoft Edge 90 (Windows 10, macOS Big Sur)

    示例:
    https://schemeflood.com/

    源码:
    https://github.com/fingerprintjs/external-protocol-flooding

    英文原文:
    https://fingerprintjs.com/blog/external-protocol-flooding/
  • sur
  • macOS
  • Big
  • Windows
    3 replies    2021-05-14 22:30:13 +08:00
    lhx2008
        1
    lhx2008  
       May 14, 2021
    这都能想到,就是获取的时间太长了,没有什么实用价值
    12101111
        2
    12101111  
       May 14, 2021
    这代码有 bug, 我一个纯开源的 Gentoo Linux, 为什么说我安装了 Zoom, Epic Games, Discord, Slack, Steam, Battle.net, Xcode, NordVPN, Sketch, Teamviewer, Microsoft Word, WhatsApp, Postman, Adobe, Messenger,
    Figma, Hotspot Shield, ExpressVPN, Notion, iTunes
    这些有的只发布了 Windows 或者 macOS 的版本
    12101111
        3
    12101111  
       May 14, 2021
    https://github.com/fingerprintjs/external-protocol-flooding/issues/5
    行吧, 所有的第三方协议都是用 xdg-open 打开的
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   4843 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 36ms · UTC 09:41 · PVG 17:41 · LAX 02:41 · JFK 05:41
    ♥ Do have faith in what you're doing.