Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Fingerprinting protections bypassable #11683
Many of the current fingerprinting protections rely on removing references to methods from the global object. However, you can get alternate references to the same methods by inserting a configured iframe element and grabbing the references off
Steps to Reproduce
Reproduces how often: 100%
Reproducible on current live release:
@diracdeltas Re our conversation on slack.
Happy to contribute a PR, but wanted to make sure my proposed solution was useful first. How does overwriting the getter for the following methods to return the blocking proxy sound?
This will break some patterns of cross domain access, but (hopefully?) this is very rare, and most of the world has moved on to "Channel Messaging" for these use cases.
nvm, the attack vector above is somewhat different since it is for fingerprinting by creating canvas elements in an iframe, whereas this issue is for using prototype methods in the child frames to do fingerprinting in the parent frame. @snyderp your approach sounds good to me.