Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upBrave is detectable #11012
Brave is detectable #11012
Comments
|
cc @diracdeltas |
|
@diracdeltas will this be closed in favor of #10655? |
|
@luixxiul At that time there were 3 ways. Now I've found 7 ways. Even with the latest update there were no fixes. |
|
Although our HackerOne bounty program lists detecting Brave as out-of-scope, I would accept this as eligible if you found an attack that sets the User-Agent (or some other commonly-logged browser property) to Brave instead of Chrome OR if the attack worked with scripts disabled. |
|
1 method of the attack can detect without JavaScript enabled. Most reliable one uses JS. Easy Fixes are not easily possible for 1 way(JS way). So its eligible? I will submit after clarification here otherwise I can just give it away to Admiral, they'll be happy, and would reward. |
|
@diracdeltas please close this if this will be also triaged through hackerone. |
|
@diracdeltas Will wait for 1 business day for the reply. Otherwise response will be assumed as negative. |
|
closing this and waiting on the hackerone report, thanks |
Brave can be detected. There are 7 possible ways to easily identify brave, without canvas and shields off. Will be disclosed on hacker one, if bounty eligible. Else solution will be released commercially,