Client Info Gathering

Gathering information about the client's system is one of the first few crucial steps to a successful hack. As trivial as it may seem, some of the basic information about the user's system such as the operating system, version, browser and related information forms the bedrock of infilterating the user or the organization.

Fingerprinting

Fingerprinting is a useful step to gather all information about the user's browser and the information gathered can also be used for decucing the operating system that it runs on.

A fingerprinting library is available from the following Github repository,

This library can be emdeded in a webpage hosted by you and have the victim visit the page.

Here is a sample code that can be used for embedding the library into your page.

<!doctype html>
<html>
<head>
  <title>Welcome To Fingerprinting</title>
</head>
<body>
  <h1>What does this page do?</h1>
  <p>This page gathers info about your browser and submits it back to the server.</p>
  <script src="fingerprint2.js"></script>
  <script>
      var d1 = new Date();
      var options = {};
      Fingerprint2.get(options, function (components) {
        var values = components.map(function (component) { return component.value })
        var murmur = Fingerprint2.x64hash128(values.join(''), 31)
	      var clientfp = "Client browser fingerprint: " + murmur + "\n\n";
        var d2 = new Date();
        var timeString = "Time to calculate fingerprint: " + (d2 - d1) + "ms\n\n";
        var details = "Detailed information: \n";
        if(typeof window.console !== "undefined") {
          for (var index in components) {
            var obj = components[index];
            var value = obj.value;
	          if (value !== null) {
              var line = obj.key + " = " + value.toString().substr(0, 150);
              details += line + "\n";
	          }
          }
        }
        var xmlhttp = new XMLHttpRequest();
        xmlhttp.open("POST", "/fp/js.php");
        xmlhttp.setRequestHeader("Content-Type", "application/txt");
        xmlhttp.send(clientfp + timeString + details);
      });
  </script>
</body>
</html>

The following code can be used for receiving the browser info as submitted by the library to the server,

<?php
$data = "Client IP Address: " . $_SERVER['REMOTE_ADDR'] . "\n";
$data .= file_get_contents('php://input');
$data .= "---------------------------------\n\n";
file_put_contents('/var/www/html/fp/fingerprint.txt', print_r($data, true), FILE_APPEND | LOCK_EX);
?>

Last updated