Identify HTTP request from chromium browser - fingerprint

Naveen Kumar Chittipolu

Mar 26, 2017, 3:48:37 PM
to Chromium-dev
Hi Team,

We need your help!

We are building a web-based application where the server should accept requests only from a Chromium browser which we will build from the source code (after some modification in the source code).

1. We would like to know what the ways to achieve this are. We have heard of browser fingerprints, but we are newbies. Kindly let us know how to solve our problem.

If there are any other ways to achieve this, please let us know.

Thanks in advance.


Chen Zhixiang

Mar 27, 2017, 12:44:27 AM
to Chromium-dev
You should base your HTTP connection requests on HTTPS or, even better, HTTP 2.0.
Then you can customize your HTTPS encryption algorithm, for example by selecting a different ECC...
Then protect the source code of this encryption algorithm, and do not leak it.

But if hackers are willing to do reverse engineering, this method will still not work for long.

Chen Zhixiang

Mar 27, 2017, 12:47:31 AM
to Chromium-dev
A smarter way may also be:

Use a blank startup page with injected JavaScript to do vendor sniffing, and then do a client redirect.
This can work, but if you mean any version of Chrome, that will be difficult, or easy to misjudge.

Simply using the HTTP request User-Agent header is out of consideration; it can be easily bypassed.

PhistucK

Mar 27, 2017, 3:25:34 AM
to chitt...@gmail.com, Chromium-dev
If your goal is high security, then I am not sure there is any real way to do it, other than using client and server certificates perhaps with a special root that only your Chromium accepts.

If your goal is to simply identify your users without worrying too much about security, I guess you can inject an HTTP header at the network stack level, say, X-Special-Chromium: 1 (or whatever).


PhistucK
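
The two options in the reply above, seen from the server, as an added example that is not code from the thread or from Chromium. Only the `X-Special-Chromium` header name comes from the post; the `SSL_CLIENT_VERIFY` key (as exported by a TLS terminator such as Apache mod_ssl), the `/restricted` path and the policy are assumptions.

```python
from wsgiref.util import setup_testing_defaults

# Header name taken from the thread (X-Special-Chromium: 1), in WSGI form.
MARKER = "HTTP_X_SPECIAL_CHROMIUM"
# Assumption: the TLS terminator exports the client-certificate result under
# this key (Apache mod_ssl does with StdEnvVars). Request headers always get
# an HTTP_ prefix in WSGI, so a client cannot set this key by sending a header.
CERT_STATUS = "SSL_CLIENT_VERIFY"


def classify(environ):
    """Return (level, reason) describing how far the request can be trusted."""
    if environ.get(CERT_STATUS) == "SUCCESS":
        return "authenticated", "client certificate chains to the private root"
    if environ.get(MARKER, "").strip() == "1":
        return "hint", "marker header present, but any client can send it"
    return "unknown", "no marker header and no verified client certificate"


def app(environ, start_response):
    """Hypothetical policy: count the header everywhere, gate /restricted on the cert."""
    level, reason = classify(environ)
    restricted = environ.get("PATH_INFO", "/").startswith("/restricted")
    status = "403 Forbidden" if restricted and level != "authenticated" else "200 OK"
    body = f"{level}: {reason}\n".encode()
    start_response(status, [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
    return [body]


def call(extra):
    """Run app() on a constructed WSGI environ; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(extra)
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body.decode()


if __name__ == "__main__":
    # Constructed requests: header only, spoofed verify header, real cert result.
    for extra in ({MARKER: "1"},
                  {"PATH_INFO": "/restricted", "HTTP_SSL_CLIENT_VERIFY": "SUCCESS"},
                  {"PATH_INFO": "/restricted", CERT_STATUS: "SUCCESS"}):
        print(call(extra))
```

The header path is enough for counting requests from the custom build; only the certificate result is something the server can rely on for access decisions.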


Naveen

Mar 28, 2017, 2:01:58 AM
to PhistucK, Chromium-dev
Hi,

Thanks for the answer. My goal is not security. My goal is to identify users who are sending requests to the server from the customized Chromium browser which we will make.

Could you please explain in more detail the solution you are describing?
--
Regards,
Naveen Kumar

PhistucK

Mar 28, 2017, 2:16:48 AM
to Naveen, Chromium-dev
net-dev might be more helpful and cs.chromium.org may help you easily search, browse and trace through the code base in order to get to the way to do it.

Mind that I am not familiar with the code, so use my advice with caution.

From a quick search, if you only care about navigations (loading the HTML of your website, resources will not have that header), for example, I think this is a good place for adding a new header -


PhistucK