Is it possible to prevent browser fingerprinting by returning a fake list of installed fonts?
Is it possible to write a program that masks the set of fonts installed on the computer, so the font list would appear "plain vanilla" and would not be of much value in creating a ~unique fingerprint? https://panopticlick.eff.org/
Comments (2)
There is probably some support for that in some browsers, but with any browser you could intercept the winapi calls for enumerating the font list.
Basically you write a dll that will be loaded into the browser process, and then it will intercept the calls the browser makes to the OS when it enumerates fonts. Just look up which functions in Windows are used for enumerating fonts, and fake them in your dll. (That could be some work though, because you will have to rewrite the font enumerating logic.)
Also, some of the browsers may very well just read the registry to enumerate fonts, and not use the specialized font functions; in that case you will have to intercept the registry winapi functions, and make sure they report the font list that you want.
For loading your dll into the target process you could use Windows hooks, or use a .exe file editor to add your dll to the import table of the browser's exe file. There is also a special place in the registry where if you add a dll there, it will be loaded into every process in the system. (Then you'll have to check for the browser process, and only intercept api calls then, so that not every program on your system will get the bogus font list.)
Also, it is possible that a browser will run some plugin, or ActiveX control, or Java, or something like that in another process (Chrome runs every tab in different processes, for example), so I would check every process' parent, and if you see that it has been started by the browser, intercept the font list in that process also. That way, the target webpage won't be able to get the real font list through Flash, plugins, Java, or anything.
A good start to intercepting winapi calls can be found here: http://www.codeproject.com/KB/system/InterceptWinAPICalls.aspx
So this is a reliable way to do this, and although it can't be done in an hour, it's not overly complicated either.
Of course, this will not only make your font list bogus, it will also make the browser unable to see and display the fonts that are not in the list.
And this all is valid for Windows of course, but there are surely similar ways to do this on other OSes.
Also, worth noting: I don't think a webpage can read the font list if you have disabled JavaScript and plugins (Flash).
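Whether a replacement list is really "plain vanilla" depends on how many other visitors report the same list. The following is an added example, not part of the original question or answer, that scores a reported font list in bits of identifying information; the visitor data, font names and function names are constructed for illustration, and lists are compared as unordered sets.

```python
import math
from collections import Counter

# Constructed sample data (not measurements): font lists reported by seven
# other visitors. Lists are compared as sets, which is a simplification.
COMMON = ("Arial", "Courier New", "Times New Roman", "Verdana")
OTHER_VISITORS = (
    [frozenset(COMMON)] * 5
    + [frozenset(COMMON + ("Calibri",))]
    + [frozenset(COMMON + ("Fira Code", "Helvetica Neue"))]
)

def identifying_bits(reported_fonts, others=OTHER_VISITORS):
    """Surprisal, in bits, of the font list this browser reports.

    The anonymity set is every other visitor reporting the same set plus
    this browser itself, so a list nobody else reports scores log2(N + 1).
    Returns (bits, anonymity_set_size).
    """
    same = Counter(others)[frozenset(reported_fonts)]
    anonymity_set = same + 1
    total = len(others) + 1
    return -math.log2(anonymity_set / total), anonymity_set

def compare_masks(real_fonts, masks, others=OTHER_VISITORS):
    """Score the unmasked list and each candidate replacement list."""
    results = {"unmasked": identifying_bits(real_fonts, others)}
    for name, fonts in masks.items():
        results[name] = identifying_bits(fonts, others)
    return results

if __name__ == "__main__":
    real = COMMON + ("Comic Neue", "Source Code Pro")
    masks = {
        "common_list": COMMON,        # the list most visitors report
        "invented_list": ("Arial",),  # fake, but nobody else reports it
    }
    for name, (bits, size) in compare_masks(real, masks).items():
        print(f"{name:14s} {bits:5.2f} bits, anonymity set of {size}")
```

With this sample data, the invented list scores the same 3 bits as the unmasked one because it is just as rare; only the list that other visitors also report lowers the score.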