项目作者: yusukeshibata

项目描述 :
Server-side fingerprinting
高级语言: TypeScript
项目地址: git://github.com/yusukeshibata/express-fingerprint.git
创建时间: 2016-05-25T14:10:03Z
项目社区:https://github.com/yusukeshibata/express-fingerprint

开源协议:

下载


Fingerprint express middleware

https://w3c.github.io/fingerprinting-guidance/#bib-NDSS-FINGERPRINTING

Passive fingerprinting is browser fingerprinting based on characteristics observable in the contents of Web requests, without the use of any code executing on the client side.

Passive fingerprinting would trivially include cookies (often unique identifiers sent in HTTP requests) and the set of HTTP request headers and the IP address and other network-level information. The User-Agent string, for example, is an HTTP request header that typically identifies the browser, renderer, version and operating system. For some populations, the user agent string and IP address will commonly uniquely identify a particular user’s browser.

Default implementation is Never trust clients, So collect only server-side information.
But you can push additional parameter with initialization config.

TODO

Implement this:
http://research.microsoft.com/pubs/156901/ndss2012.pdf

Installation

  1. npm install express-fingerprint

Usage

As a Express middleware

  1. var Fingerprint = require('express-fingerprint')
  2. app.use(Fingerprint({
  3. parameters:[
  4. // Defaults
  5. Fingerprint.useragent,
  6. Fingerprint.acceptHeaders,
  7. Fingerprint.geoip,
  8. // Additional parameters
  9. function(next) {
  10. // ...do something...
  11. next(null,{
  12. 'param1':'value1'
  13. })
  14. },
  15. function(next) {
  16. // ...do something...
  17. next(null,{
  18. 'param2':'value2'
  19. })
  20. },
  21. ]
  22. }))
  23. app.get('*',function(req,res,next) {
  24. // Fingerprint object
  25. console.log(req.fingerprint)
  26. })

req.fingerprint object is like below.

  1. {
  2. "hash": "bd767932c289b92b4de510f4c4d48246",
  3. "components": {
  4. "useragent": {
  5. "browser": {
  6. "family": "Chrome",
  7. "version": "50"
  8. },
  9. "device": {
  10. "family": "Other",
  11. "version": "0"
  12. },
  13. "os": {
  14. "family": "Mac OS",
  15. "major": "10",
  16. "minor":"11"
  17. },
  18. "acceptHeaders": {
  19. "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
  20. "encoding": "gzip, deflate, sdch",
  21. "language": "en-US,en;q=0.8"
  22. },
  23. "geoip": {
  24. "country": "US",
  25. "resion": "CA",
  26. "city": "San Francisco"
  27. },
  28. "param1": "value1",
  29. "param2": "value2"
  30. }
  31. }

List of fingerprinting sources

  • User Agent
  • HTTP_ACCEPT Headers
  • GEO-ip

License

MIT