A List of 20+ Fingerprinting Demos and Tests

Published on 18 November 2022 at 16:30

Are you leaking potentially identifying information? Use these tools to find out. Many demonstrations are basically forms of entertainment (gimmicks - think of those sites that “locate” you based on your “unprotected” I.P. address).

Some of these are demonstrations of novel POCs. There are ecommerce sites that employ some of the novel techniques here, such as FingerprintJS.

A fair warning: some of these demonstrations will likely use your data. Perhaps for research. Perhaps to improve their corporate offerings. Tor Browser with the slider to the max will prevent many of these demos from working.

My Favorites

TorZillaPrint - arkenfox.github.io

TorZillaPrint (TZP) aims to provide a comprehensive, all-in-one, fingerprinting test suite, nicely broken into suitable sections with relevant information together. Long term, the goal is to collect Gecko only fingerprint data (no PII) for analysis to see how many classifications each metric or section provides.

 

 

No-JS fingerprinting - noscriptfingerprint.com, source: github.com/fingerprintjs

A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.

 

 

CSS Fingerprint - csstracking.dev, source: github

CSS Fingerprinting is a technique of tracking and gathering information on site visitors. This method exploits the nature of CSS to collect various characteristics about the visitor’s browser and device, which can later be used to either identify or track said visitor.

 

CreepJS - abrahamjuliot.github.io

Creepy device and browser fingerprinting

 

Others

AudioContext Fingerprint - audiofingerprint.openwpm.com

This page tests browser-fingerprinting using the AudioContext and Canvas API. Using the AudioContext API to fingerprint does not collect sound played or recorded by your machine - an AudioContext fingerprint is a property of your machine’s audio stack itself.

 

 

Available Fonts - orleika.github.io, source: github

Getting available fonts on browser without flash

 

-Browser Fingerprinting - niespodd.github.io

 

 

-BrowserLeaks - browserleaks.com

BrowserLeaks is all about browsing privacy and web browser fingerprinting. Here you will find a gallery of web technologies security testing tools that will show you what kind of personal identity data can be leaked, and how to protect yourself from this.

 

Canvas Test - canvasblocker.kkapsner.de

 

 

CSS Exfil Vulnerability Tester - mike-gualtieri.com

This page tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage.

 

 

Device Info - deviceinfo.me

Device Info is a web browser security testing, privacy testing, and troubleshooting tool.

 

 

DNS Cookie Demonstration - dnscookie.com

DNS cookies use DNS caches as a side-channel to identify related network flows.

 

 

EFF: Cover Your Tracks - coveryourtracks.eff.org

This is an EFF project that allows you to understand how easy it is to identify and track your browser based on how it appears to websites.

 

 

Epic Tracker - epictracker.vercel.app

A demo of how can I track you using fingerprinting and some automated lookups and stuff, using modern Javascript APIs

 

 

Extension Fingerprints - z0ccc.github.io

Chrome extensions can be detected by fetching their web accessible resources. These are files inside an extension that can be accessed by web pages. The detected extensions can be used to track you through browser fingerprinting.

This website scans over 1000 extensions and shows you the percentage of users that share the same extensions.

 

 

Firefox Addon Detector - thehackerblog.com

Tracking 400+ Firefox Addons through chrome:// URI trickery!

 

 

Iphey - iphey.com

 

 

Mouse Wheel Tracking - jcarlosnorte.com

 

 

Nothing Private - nothingprivate.ml

This project is a proof of concept that any website can identify and track you, even if you are using private browsing or incognito mode in your web browser. Many people think that they can hide their identity if they are using private browsing or incognito mode. This project will prove that they are wrong.

 

PicassAuth - plaperdr.github.io

Canvas fingerprinting

 

 

Pixelscan - pixelscan.net

Good, basically a bot check

 

 

Privacy Check - privacycheck.sec.lrz.de

This website aims to focus on each fingerprinting technique in detail. It also presents the information and demonstrations in a way that is easy to understand, rather than giving a broad undescribed overview.

 

 

“scheme flooding” - schemeflood.com, source: github, article

The vulnerability uses information about installed apps on your computer to assign you a permanent unique identifier even if you switch browsers, use incognito mode, or use a VPN.

 

 

SuperCookie - demo.supercookie.me

Supercookie uses favicons to assign a unique identifier to website visitors.

Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user.

The tracking method works even in the browser’s incognito mode and is not cleared by flushing the cache, closing the browser or restarting the operating system, using a VPN or installing AdBlockers.

 

 

Webgl Fingerprinting - webbrowsertools.com

This page uses different techniques to recognize whether a browser extension is installed to spoof the webgl fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the canvas image (which is rendered in the GPU) and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the webgl result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the webgl identity and uses a different approach to identify the browser session.

 

 

Zardaxt.py - tcpip.incolumitas.com, github, article

TCP/IP Fingerprinting for VPN and Proxy Detection

 


«   »

Add comment

Comments

There are no comments yet.