CAPEC-472: Browser Fingerprinting
An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
Last updated
Overview
CAPEC-472 (Browser Fingerprinting) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Victim's browser visits a website that contains attacker's Java ScriptJava Script is not disabled in the victim's browser
How to mitigate it
Defenses that reduce the risk of CAPEC-472.
- Configuration: Disable Java Script in the browser
Examples
The following code snippets can be used to detect various browsers: Firefox 2/3 FF=/a/[-1]=='a' Firefox 3 FF3=(function x(){})[-5]=='x' Firefox 2 FF2=(function x(){})[-6]=='x' IE IE='\v'=='v' Safari Saf=/a/.__proto__=='//' Chrome Chr=/source/.test((/a/.toString+'')) Opera Op=/^function \(/.test([].sort)
Frequently asked questions
Common questions about CAPEC-472.
- What is CAPEC-472?
- An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- How do you prevent CAPEC-472?
- Configuration: Disable Java Script in the browser
- What weaknesses does CAPEC-472 target?
- CAPEC-472 exploits 1 CWE weakness, including CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- How severe is CAPEC-472?
- MITRE rates CAPEC-472 as Low severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-472
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.