This repository contains a PoC of a browser identification mechanism that leverages an HTTP/2 active stack fingerprinting technique.
It is made of three different parts:
- a Flask web server that exposes an HTML/JS page to force the browser to refresh a specific asset (
server.py) - an HTTP/2 fake server that answers browser requests to fetch an asset with specific HTTP/2 tests (
server_http2.py) - a Fingerprint knowledge base that analyzes the HTTP/2 tests results to compute the browser stack (
fingerprint.py)
It should be noted, that a redis server is used as a shared memory storage between the flask server and the fake http2 server.
IMHO: the most interesting part of this project is how I automaticaly computed the different test cases used to fingerprint the browser :)
For more details, you can:
- refer to the short presentation available in the
doc/directory - send me your question per email (
my_firstname@miskin.fr) or per Twitter DM@Lapeluche - buy me a
beerand get even more details.