For the fingerprinting part, can you explain the difference with the JShelter browser extension (https://jshelter.org/)?
I checked as you did in your demo video with https://demo.fingerprint.com/playground (using JShelter in Firefox).
It produces a fingerprint detector report, like so:
Ooh nice, I haven’t seen this project! I actually tried attempting this as an extension at first but wasn’t able to override page window functions. I’m curious to know how they accomplished this. (edit: I see that I missed the chrome.scripting API facepalm)
Thank you for sharing :)
FWIW I still think a custom browser approach has some benefits (stealth and executing in out-of-process iframes; could be wrong on the second part, haven't actually tested!)
Most of my job is reverse engineering a major website builder company's code so we can leverage their undocumented features. It's often a difficult job, but your project could make it easier. I'm sure there are others out there that will find this useful.
This is so eye-opening, and really interesting. It reminded me of projects like XprivacyLua that "expose" the different calls and requests from Android apps. Great work!
In the past I've considered forking Chromium so every asset that it downloads (images, scripts, etc) is saved somewhere to produce a sort of "passive scraper".
This article made me consider creating a new CDP domain as a possible option, but tbf I haven't thought about this problem in ages so maybe there's something less stupid that I could do.
Ha, I've had the exact same thought before as well, but due to lack of experience and time constraints I ended up using mitmproxy with a small Python script instead. It was slow and buggy, but it served its purpose...
While searching for a tool I found several others asking for something similar, so I'm sure there are quite a few who would be interested in the project if you ever do decide to pick it up.
It's not quite the same, but in the past I've written (in Python) scrapers that run off of the cache. E.g. it would extract recipes from web pages that I had visited. The script would run through the cache and run an appropriate scraper based on the URL. I think I also looked for JSON-LD and microdata.
The down sides were that it only works with cached data, and I had to tweak it a couple of times because they changed the format of the cache keys.
Someone mentioned this as well in another comment. Turns out most of this could’ve been done as an extension after all :-)
edit: actually, wouldn’t you still need to override the global you’d like to instrument? At that point, the toString of the modified function would leak your hook.
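The toString leak raised in the comment above, as an added example that is not code from the original thread or from the author's browser project. It runs in Node.js; a plain object holding Math.random stands in for a browser global such as a canvas or navigator method (an assumption, since there is no DOM here), and `looksNative` is a hypothetical stand-in for the check a fingerprinting script would run:

```javascript
// Added example: why overriding a global leaks the hook through
// Function.prototype.toString, and what a "stealth" hook has to do about it.
// Node.js; `{ random: Math.random }` is a stand-in for a browser global.

// Pristine reference captured before any hook is installed. A page can obtain
// the same thing later by reading it from a freshly created iframe's
// contentWindow, which is the caveat discussed at the end.
const pristineToString = Function.prototype.toString;
const NATIVE_RE = /\{\s*\[native code\]\s*\}\s*$/;

// Fingerprinter-side check (hypothetical name): does `fn` stringify like a
// built-in? `toStringImpl` defaults to whatever Function.prototype.toString
// is *now*, which is exactly what a naive hook installer forgets about.
function looksNative(fn, toStringImpl = Function.prototype.toString) {
  return NATIVE_RE.test(toStringImpl.call(fn));
}

// Naive hook: wraps the original, but the wrapper is ordinary JS source, so
// toString() returns "function (...args) { ... }" instead of "[native code]".
function installNaiveHook(target, name, onResult) {
  const original = target[name];
  target[name] = function (...args) {
    return onResult(original.apply(this, args));
  };
}

// Stealth hook: remembers the original so a patched toString can answer for it.
const hookedOriginals = new WeakMap();

function installStealthHook(target, name, onResult) {
  const original = target[name];
  const hook = function (...args) {
    return onResult(original.apply(this, args));
  };
  // Mirror the cheap-to-check metadata of the original as well.
  Object.defineProperty(hook, 'name', { value: original.name });
  Object.defineProperty(hook, 'length', { value: original.length });
  hookedOriginals.set(hook, original);
  target[name] = hook;
}

// Replace Function.prototype.toString so hooked functions report the source
// of the function they replaced. The shim registers itself, too, so that
// Function.prototype.toString.toString() still looks native.
function installToStringShim() {
  const shim = function toString() {
    const original = hookedOriginals.get(this);
    return pristineToString.call(original !== undefined ? original : this);
  };
  hookedOriginals.set(shim, pristineToString);
  Function.prototype.toString = shim;
}

// Runs both variants against the toString check and returns the outcomes.
function demo() {
  const naive = { random: Math.random };
  installNaiveHook(naive, 'random', () => 0.5);
  const naiveDetected = !looksNative(naive.random);

  const stealth = { random: Math.random };
  installStealthHook(stealth, 'random', () => 0.5);
  installToStringShim();
  const stealthDetectedByCurrentToString = !looksNative(stealth.random);
  // A page that kept a pristine toString still wins: the real source leaks.
  const stealthDetectedByPristine = !looksNative(stealth.random, pristineToString);

  return {
    naiveValue: naive.random(),
    naiveDetected,
    stealthValue: stealth.random(),
    stealthDetectedByCurrentToString,
    stealthDetectedByPristine,
    toStringItselfLooksNative: looksNative(Function.prototype.toString),
  };
}

console.log(demo());
```

The naive wrapper is caught immediately, and the shim only holds up against a page that asks the already-patched `Function.prototype.toString`. A page that captured the native implementation early, or pulls a fresh copy out of a new iframe's `contentWindow`, sees the wrapper's real source again, which is the cat-and-mouse the thread describes and the reason for hooking below the JS layer instead.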
For anyone that doesn't want to maintain a fork of Chromium, just download the PDB and hook it at runtime for spoofing and/or dumping call logs. For the hook itself, just add your DLL as a dependency in the PE structure.
Very cool, thanks for sharing. I would love to see this show up as an OSS project. I know a few people who would likely enjoy being able to contribute if that's something you'd be looking for.
This is neat, but it also makes me uncomfortable to see just how much fingerprinting is done these days. TikTok is creepy but I'm sure they aren't the worst.
I am amazed what you've accomplished here: adding your own custom CDP domain. Years ago I gave up on trying to hack Chromium (I wanted to learn how to add back Manifest Version 2 support before it got removed).
Build times were way longer on my potato hardware. Since then I haven't touched much C++.
Neat investigation, but I didn't totally follow how the project would be useful for reverse engineering. It seems like a project that would mostly be useful for evading bot checks like web scraping or AI automation.
...and power users. This is a browser that acts in the interests of the user, something that the mainstream authoritarian technocracy is actively trying to destroy and has been ever since they removed "View Source" from its customary place.
I have a project (in my rather long project backlog) that involves hooking JS APIs to download YouTube videos. I'm worried that if my extension (or a similar extension) gained enough popularity, YouTube would start inspecting the relevant JS objects to see if they'd been replaced with proxy instances.
Aside from playing a hooking/patching game of cat and mouse, I don't think this is fully solvable without modifying the browser engine itself - then you can hook things in a way that's completely transparent to the JS in webpages.
Thanks for sharing some examples! Someone shared a similar project in the other thread. I didn’t realize this at the time of writing haha.
FWIW I still think modifying the browser has some positives wrt stealth and hooking out-of-process frames (could be wrong on the second part, haven't actually tested!)
Still good to know though. Will leave a note in the article :-)
tducret|4 months ago
{
}
However, it appears there is no way to display what was actually produced by the browser.
Was this the reason you had to build your own browser? Or is it possible to extend JShelter to do the same?
nullpt_rs|4 months ago
leptons|4 months ago
codingcodingboy|4 months ago
codeulike|4 months ago
dotancohen|4 months ago
EDIT: Oh, it took me a minute!
dlcarrier|4 months ago
3abiton|4 months ago
sagistrauss|4 months ago
evertedsphere|4 months ago
debazel|4 months ago
dunham|4 months ago
Alifatisk|4 months ago
MaxLeiter|4 months ago
izzqz|4 months ago
Matheus28|4 months ago
nullpt_rs|4 months ago
see: https://gist.github.com/voidstar0/179990efe918d1028b72f292cf...
Regardless, I do have some interesting ideas that should hopefully make my pain of compiling Chromium for 3 hours worth it though :p
Cheat Engine for site scripts? Who knows. Mostly just using this as an opportunity to learn some browser internals, so I'd say it still paid off :)
kachapopopow|4 months ago
kachapopopow|4 months ago
gpvos|4 months ago
tylerlh|4 months ago
NetOpWibby|4 months ago
bobajeff|4 months ago
paulhodge|4 months ago
juros|4 months ago
Where's the wait list?
userbinator|4 months ago
kundi|4 months ago
whazor|4 months ago
tbrockman|4 months ago
Which for some functionality would have been a bit more portable and involved less effort.
Retr0id|4 months ago
nullpt_rs|4 months ago
horseradish7k|4 months ago
nullpt_rs|4 months ago
coolelectronics|4 months ago
fjfjf|4 months ago
fjfjf|4 months ago
fjfjf|4 months ago
fjfjf|4 months ago
fjfjf|4 months ago
jbckgnbhjklco|4 months ago