This blog post will discuss a section from Recipe 8-5: Detecting Browser Fingerprint Changes During Sessions in my book "Web Application Defender's Cookbook: Battling Hackers and Protecting Users".
Web Client Device Fingerprinting
Web client fingerprinting is a centerpiece of modern web fraud detection systems and goes well beyond simply capturing the User-Agent field that clients submit with web transactions. For instance, common web client fingerprinting usually involves sending client-side executable code that queries the browser for various settings such as:
- Current screen size
- Time zones
- Browser plug-ins
- Language settings