fingerprintjs/external-protocol-flooding

Spoofing UserAgent triggers all applications

ZOASR opened this issue · 1 comments

ZOASR commented

Spoofing the user agent triggers all apps (installed and not installed) on Brave , and stops completely on Firefox.

Brave :
UserAgent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0

image

Firefox :
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4433.0 Safari/537.36

image

I suspect it is because of getBrowserFamily():

external-protocol-flooding/packages/client/src/detector/browser.ts

Lines 1 to 23 in 5a2be48

import { BrowserFamily } from './types'
export function getBrowserFamily(): BrowserFamily {
const userAgent = navigator.userAgent.toLowerCase()
const noWebRTC = +!('RTCDataChannel' in window)
const noPointerEvent = +!('PointerEvent' in window)
const noAudioBuffer = +!('AudioBuffer' in window)
const noWebGLSync = +!('noWebGLSync' in window)
if (noWebRTC + noPointerEvent + noAudioBuffer + noWebGLSync >= 3) {
return BrowserFamily.TorBrowser
}
if (userAgent.includes('chrome')) {
return BrowserFamily.Chrome
} else if (userAgent.includes('safari')) {
return BrowserFamily.Safari
} else if (userAgent.includes('firefox')) {
return BrowserFamily.Firefox
}
return BrowserFamily.Unknown
}

spalt08 commented

Thanks! The demo should bypass the UA spoofing now.