In today’s digital life privacy matters a lot for any user. Especially, if the user is surfing internet using any web browser. There are many ways that user can protect himself for revealing his privacy on the internet. And there are many ways that your web browser knows more about your computer than you, demonstrated ethical hacking investigators. Every website that user visit using his web browser website grab lot of information about the web browser. There are many URLs which shows how vulnerable your web browser is from leaking information about you.
Ethical hacking researcher of International Institute of Cyber Security says that below methods can be used in information gathering or you can say reconnaissance phase. Below test are done using proxy in India, so you can test your mobile browsers or system browsers with and without proxy.
There are many methods to show how vulnerable is web browsers are. There are many cross site scripting attacks are used to attack on web browsers to steal credentials of the users. Social engineering attacks are also popular to steal information about the target. Now we will see some website that can help you find what you are leaking to hackers, ethical hacking consultants assure.
- Open any web browser. Go to : https://panopticlick.eff.org
- After opening website, website tells what every website tries to grab about the users.
- Click on test me
- As you click on test me, panopticlick will try to grab details of your browser.
- The above screenshot shows that the web browser is not blocking ads or trackers.
- Every web browser has a unique fingerprint, fingerprinting is a process of the identifying browser based on its unique fingerprinting. The above link also shows web browser has unique fingerprint which can reveal information.
- Most of the websites knows about the computes information. Lets check some another websites which gives more details about the web browser.
- Go to website https://privacy.net/analyzer/
- As you open the above URL, privacy.net will gather information like IP address, location and network operator. Information shown are basic but can be used in information gathering.
- Privacy.net offers some great features which can be analyzed to check web browser activities. You can also check if web browser is having auto fill vulnerability.
- Clicking on the state /province
- If no dropdown appears means web browser is safe from this vulnerability. This vulnerability can reveal your local location over the network.
- privacy.net can authenticate some more info about the web browser. Click on the
- The above screenshot shows browser details like width, height. It even shows the browser date & time. Web browser capabilities shows the settings which are enabled in web browser.
- Further scrolling to the webpage, shows user agent, accept encoding, language, host & cookies. The information collected privacy.net can be used in other hacking activities.
- Open URL : https://browserleaks.com/
- Click the above options to know details of your web browser.
- As we have click on the IP address. It will show the details IP address, country, city, operating system, User agents & location.
- The above screenshot basic info about the web browser.
- Scrolling down the web browser shows location of the web browser.
- The above screen shot shows the exact geolocation of the web browser.
- Now Go to : https://webkay.robinlinus.com/
- This website shows explanation & prevention that how web browser stores your information.
- The above link shows the operating system, browser, plugins which are installed.
- The site also shows hardware specifications of the system.
- The site also tells your location if you have enabled your location services.
- If you click on the maps, it will show your real location with longitude and latitude taken from the webkay.com
- The above information can be used in initial phase of pentesting.
Cyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist & investigator. He is a cyber-security researcher with over 25 years of experience. He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in development of cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time since last 5 years.