Gummy Browsers attack allows you to spoof the user's identity

ExcalibuR

By luring a victim to a website under his control, the attacker creates a digital fingerprint of the victim and uses it for illegal activities.


American scientists have presented a new method called Gummy Browsers, with which you can create a "cloned" digital fingerprint of a user by copying the characteristics of his browser. To do this, the attacker needs to lure the victim to a website under his control and create his digital fingerprint, which can then be used to spoof identity on different platforms, illegal activity, bypass two-factor authentication, etc.

As part of the study, specialists have developed the following methods of substituting personality on various sites:
  • Script Injection - Spoofing a user's digital fingerprint by executing scripts (using a Selenium tool) that add values extracted from JavaScript API calls.
  • Browser Configuration and Debugging Tools - Both tools can be used to change browser attributes to any value, which will affect the JavaScript API and the corresponding value in the HTTP header.
  • Script modification - changing browser properties by modifying scripts embedded in a web site before sending them to the web server.
Using the Gummy Browsers method, experts were able to trick digital fingerprint tracking systems such as FPStalker and Panopticlick.

“The results showed that Gummy Browsers can successfully simulate the victim's browser without affecting the tracking of other users. Since the acquisition and spoofing of browser characteristics go unnoticed by both the user and the remote web server, the [attack] Gummy Browsers can be easily launched, but it will be difficult to detect it,” the researchers noted.
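An added example, not part of the original post or the researchers' code: a server-side sketch of why a fingerprint built only from client-reported values should not mark a device as trusted for skipping two-factor authentication, next to a hardened check that also requires a server-issued token. The field list, function names and sample values are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Client-reported attributes a fingerprinting script collects (constructed set).
const FP_FIELDS = ["userAgent", "language", "platform", "screen", "timezone"];
const SERVER_KEY = crypto.randomBytes(32); // stays on the server

// Hash of attributes: any client that reports the same values gets the same hash.
function fingerprint(attrs) {
  const canonical = FP_FIELDS.map((k) => `${k}=${attrs[k] ?? ""}`).join("\n");
  return crypto.createHash("sha256").update(canonical).digest("hex");
}

function mac(userId, fp, nonce) {
  return crypto.createHmac("sha256", SERVER_KEY).update(`${userId}|${fp}|${nonce}`).digest();
}

// Issued after a completed 2FA login and stored as an HttpOnly, Secure cookie,
// which a page on another origin cannot read.
function issueDeviceToken(userId, fp) {
  const nonce = crypto.randomBytes(16).toString("hex");
  return `${nonce}.${mac(userId, fp, nonce).toString("hex")}`;
}

function verifyDeviceToken(userId, fp, token) {
  const [nonce, tag] = typeof token === "string" ? token.split(".") : [];
  if (!nonce || !/^[0-9a-f]{64}$/.test(tag || "")) return false;
  return crypto.timingSafeEqual(Buffer.from(tag, "hex"), mac(userId, fp, nonce));
}

// Weak policy: a matching fingerprint alone marks the device as trusted.
function weakTrusted(device, req) {
  return fingerprint(req.attrs) === device.fp;
}

// Hardened policy: the fingerprint is a hint; trust needs the server-issued token.
function hardenedTrusted(device, req) {
  return weakTrusted(device, req) && verifyDeviceToken(device.userId, device.fp, req.deviceToken);
}

// Constructed sample data.
const attrs = { userAgent: "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0",
  language: "en-US", platform: "Linux x86_64", screen: "1920x1080x24", timezone: "UTC" };
const device = { userId: "user-1", fp: fingerprint(attrs) };
const enrolled = { attrs, deviceToken: issueDeviceToken(device.userId, device.fp) };
const sameValuesNoToken = { attrs: { ...attrs } }; // second client, identical values

console.log(weakTrusted(device, enrolled), weakTrusted(device, sameValuesNoToken));
console.log(hardenedTrusted(device, enrolled), hardenedTrusted(device, sameValuesNoToken));
```

Under the weak policy both requests are treated as the same trusted device; under the hardened policy only the request carrying the server-issued token is.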
 