Abstract
Browser extensions have gradually replaced plug-ins as auxiliary tools to enhance browser features, such as ad-blocking, image favorites, user agent randomization, etc. While improving user browsing experience, it also provides a new idea for web tracking. In recent years, researchers have proposed browser extension fingerprinting, which uniquely identifies a user by obtaining the list of browser extensions user-installed to realize user tracking.
In order to fully comprehend the detectability of browser extensions, we design NEEX, an automated tool to judge whether the extension can be fingerprinted. It uses extension fingerprinting based on DOM modification of a web page and our newly proposed JavaScript-based extension fingerprinting which utilizes the changes in properties of JavaScript objects caused by the implementation of extension functions. In addition, we use NEEX to conduct a comprehensive analysis of extensions on Google Chrome, which provides the largest number of extensions. In our collected data set containing 91,147 extensions, we can detect the existence of 17.68% extensions. Finally, the superiority of NEEX is proved through comparative experiments with existing works.
This work is supported by the National Natural Science Foundation of China under Grant No. 61402225 and the Science and Technology Funds from National State Grid Ltd. (The Research on Key Technologies of Distributed Parallel Database Storage and Processing based on Big Data).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Browser Market Share Worldwide. https://gs.statcounter.com/browser-market-share. Accessed 14 Jul 2021
Somé, D.F.: EmPoWeb: empowering web applications with browser extensions. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 227–245. IEEE (2019)
JS Window Object Details. http://c.biancheng.net/view/5832.html. Accessed 19 Jul 2021
Statistical Report on the Development of China’s Internet. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/202102/t20210203_71361.htm. Accessed 19 Feb 2021
Acar, G., et al.: FPDetective: dusting the web for fingerprinters. In: Proceedings of the 2013 ACM SIGSAC conference on Computer and Communications Security, pp. 1129–1140 (2013)
Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14527-8_1
Vastel, A., Laperdrix, P., Rudametkin, W., Rouvoy, R.: Fp-Scanner: the privacy implications of browser fingerprint inconsistencies. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 135–150 (2018)
Sanchez-Rola, I., Santos, I., Balzarotti, D.: Clock around the clock: time-based device fingerprinting. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1502–1514 (2018)
Cao, Y., Li, S., Wijmans, E., et al.: (Cross-) browser fingerprinting via OS and hardware level features. In: NDSS (2017)
Wu, S., Li, S., Cao, Y., Wang, N.: Rendered private: making GLSL execution uniform to prevent WebGL-based browser fingerprinting. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1645–1660 (2019)
Starov, O., Nikiforakis, N.: Extended tracking powers: measuring the privacy diffusion enabled by browser extensions. In: Proceedings of the 26th International Conference on World Wide Web, pp. 1481–1490 (2017)
Mowery, K., Bogenreif, D., Yilek, S., Shacham, H.: Fingerprinting information in JavaScript implementations. Proc. W2SP 2(11), 180–193 (2011)
Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of web-based device fingerprinting. In: 2013 IEEE Symposium on Security and Privacy, pp. 541–555. IEEE (2013)
Gulyas, G.G., Some, D.F., Bielova, N., Castelluccia, C.: To extend or not to extend: on the uniqueness of browser extensions and web logins. In: Proceedings of the 2018 Workshop on Privacy in the Electronic Society, pp. 14–27 (2018)
Sanchez-Rola, I., Santos, I., Balzarotti, D.: Extension breakdown: security analysis of browsers extension resources control policies. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 679–694 (2017)
Sjösten, A., Van Acker, S., Picazo-Sanchez, P., Sabelfeld, A.: Latex gloves: protecting browser extensions from probing and revelation attacks. Power 57 (2018)
Sjösten, A., Van Acker, S., Sabelfeld, A.: Discovering browser extensions via web accessible resources. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp. 329–336 (2017)
Starov, O., Nikiforakis, N.: XHOUND: quantifying the fingerprintability of browser extensions. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 941–956. IEEE (2017)
Trickel, E., Starov, O., Kapravelos, A., Nikiforakis, N., Doupé, A.: Everyone is different: Client-side diversification for defending against extension fingerprinting. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1679–1696 (2019)
Schwarz, M., Lackner, F., Gruss, D.: JavaScript template attacks: automatically inferring host information for targeted exploits. In: NDSS (2019)
Borgolte, K., Feamster, N.: Understanding the performance costs and benefits of privacy-focused browser extensions. In: Proceedings of The Web Conference 2020, pp. 2275–2286 (2020)
Development Guide of Mozilla Add-ons. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/web_accessible_resources. Accessed 21 Jul 2021
Nakibly, G., Shelef, G., Yudilevich, S.: Hardware fingerprinting using HTML5. arXiv preprint arXiv:1503.01408 (2015)
Salo, T.J.: Multi-factor fingerprints for personal computer hardware. In: MILCOM 2007-IEEE Military Communications Conference, pp. 1–7. IEEE (2007)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Lyu, T., Liu, L., Zhu, F., Yang, J., Hu, S., Huang, Y. (2022). NEEX: An Automated and Efficient Tool for Detecting Browser Extension Fingerprint. In: Meng, W., Katsikas, S.K. (eds) Emerging Information Security and Applications. EISA 2021. Communications in Computer and Information Science, vol 1403. Springer, Cham. https://doi.org/10.1007/978-3-030-93956-4_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-93956-4_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93955-7
Online ISBN: 978-3-030-93956-4
eBook Packages: Computer ScienceComputer Science (R0)