Skip to main content

NEEX: An Automated and Efficient Tool for Detecting Browser Extension Fingerprint

  • Conference paper
  • First Online:
Emerging Information Security and Applications (EISA 2021)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1403))

  • 573 Accesses

Abstract

Browser extensions have gradually replaced plug-ins as auxiliary tools to enhance browser features, such as ad-blocking, image favorites, user agent randomization, etc. While improving user browsing experience, it also provides a new idea for web tracking. In recent years, researchers have proposed browser extension fingerprinting, which uniquely identifies a user by obtaining the list of browser extensions user-installed to realize user tracking.

In order to fully comprehend the detectability of browser extensions, we design NEEX, an automated tool to judge whether the extension can be fingerprinted. It uses extension fingerprinting based on DOM modification of a web page and our newly proposed JavaScript-based extension fingerprinting which utilizes the changes in properties of JavaScript objects caused by the implementation of extension functions. In addition, we use NEEX to conduct a comprehensive analysis of extensions on Google Chrome, which provides the largest number of extensions. In our collected data set containing 91,147 extensions, we can detect the existence of 17.68% extensions. Finally, the superiority of NEEX is proved through comparative experiments with existing works.

This work is supported by the National Natural Science Foundation of China under Grant No. 61402225 and the Science and Technology Funds from National State Grid Ltd. (The Research on Key Technologies of Distributed Parallel Database Storage and Processing based on Big Data).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Browser Market Share Worldwide. https://gs.statcounter.com/browser-market-share. Accessed 14 Jul 2021

  2. Somé, D.F.: EmPoWeb: empowering web applications with browser extensions. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 227–245. IEEE (2019)

    Google Scholar 

  3. JS Window Object Details. http://c.biancheng.net/view/5832.html. Accessed 19 Jul 2021

  4. Statistical Report on the Development of China’s Internet. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/202102/t20210203_71361.htm. Accessed 19 Feb 2021

  5. Acar, G., et al.: FPDetective: dusting the web for fingerprinters. In: Proceedings of the 2013 ACM SIGSAC conference on Computer and Communications Security, pp. 1129–1140 (2013)

    Google Scholar 

  6. Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14527-8_1

    Chapter  Google Scholar 

  7. Vastel, A., Laperdrix, P., Rudametkin, W., Rouvoy, R.: Fp-Scanner: the privacy implications of browser fingerprint inconsistencies. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 135–150 (2018)

    Google Scholar 

  8. Sanchez-Rola, I., Santos, I., Balzarotti, D.: Clock around the clock: time-based device fingerprinting. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1502–1514 (2018)

    Google Scholar 

  9. Cao, Y., Li, S., Wijmans, E., et al.: (Cross-) browser fingerprinting via OS and hardware level features. In: NDSS (2017)

    Google Scholar 

  10. Wu, S., Li, S., Cao, Y., Wang, N.: Rendered private: making GLSL execution uniform to prevent WebGL-based browser fingerprinting. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1645–1660 (2019)

    Google Scholar 

  11. Starov, O., Nikiforakis, N.: Extended tracking powers: measuring the privacy diffusion enabled by browser extensions. In: Proceedings of the 26th International Conference on World Wide Web, pp. 1481–1490 (2017)

    Google Scholar 

  12. Mowery, K., Bogenreif, D., Yilek, S., Shacham, H.: Fingerprinting information in JavaScript implementations. Proc. W2SP 2(11), 180–193 (2011)

    Google Scholar 

  13. Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of web-based device fingerprinting. In: 2013 IEEE Symposium on Security and Privacy, pp. 541–555. IEEE (2013)

    Google Scholar 

  14. Gulyas, G.G., Some, D.F., Bielova, N., Castelluccia, C.: To extend or not to extend: on the uniqueness of browser extensions and web logins. In: Proceedings of the 2018 Workshop on Privacy in the Electronic Society, pp. 14–27 (2018)

    Google Scholar 

  15. Sanchez-Rola, I., Santos, I., Balzarotti, D.: Extension breakdown: security analysis of browsers extension resources control policies. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 679–694 (2017)

    Google Scholar 

  16. Sjösten, A., Van Acker, S., Picazo-Sanchez, P., Sabelfeld, A.: Latex gloves: protecting browser extensions from probing and revelation attacks. Power 57 (2018)

    Google Scholar 

  17. Sjösten, A., Van Acker, S., Sabelfeld, A.: Discovering browser extensions via web accessible resources. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp. 329–336 (2017)

    Google Scholar 

  18. Starov, O., Nikiforakis, N.: XHOUND: quantifying the fingerprintability of browser extensions. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 941–956. IEEE (2017)

    Google Scholar 

  19. Trickel, E., Starov, O., Kapravelos, A., Nikiforakis, N., Doupé, A.: Everyone is different: Client-side diversification for defending against extension fingerprinting. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1679–1696 (2019)

    Google Scholar 

  20. Schwarz, M., Lackner, F., Gruss, D.: JavaScript template attacks: automatically inferring host information for targeted exploits. In: NDSS (2019)

    Google Scholar 

  21. Borgolte, K., Feamster, N.: Understanding the performance costs and benefits of privacy-focused browser extensions. In: Proceedings of The Web Conference 2020, pp. 2275–2286 (2020)

    Google Scholar 

  22. Development Guide of Mozilla Add-ons. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/web_accessible_resources. Accessed 21 Jul 2021

  23. Nakibly, G., Shelef, G., Yudilevich, S.: Hardware fingerprinting using HTML5. arXiv preprint arXiv:1503.01408 (2015)

  24. Salo, T.J.: Multi-factor fingerprints for personal computer hardware. In: MILCOM 2007-IEEE Military Communications Conference, pp. 1–7. IEEE (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Ting Lyu .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lyu, T., Liu, L., Zhu, F., Yang, J., Hu, S., Huang, Y. (2022). NEEX: An Automated and Efficient Tool for Detecting Browser Extension Fingerprint. In: Meng, W., Katsikas, S.K. (eds) Emerging Information Security and Applications. EISA 2021. Communications in Computer and Information Science, vol 1403. Springer, Cham. https://doi.org/10.1007/978-3-030-93956-4_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-93956-4_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-93955-7

  • Online ISBN: 978-3-030-93956-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics