Author Topic: Browser Tracking Scripts Prevention  (Read 318 times)

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 530
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Browser Tracking Scripts Prevention
« on: January 07, 2018, 08:58:49 PM »
Hi Guys ,

Meanwhile , all popular browsers have an integrated login manager . This feature is not only convenient for users , but also for dodgy advertisers who misuse the data for user tracking . For example, in January 2017 , Finnish web developer and hacker "Viljami Viljami Kuosmanen" described a phishing method that also uses "Autofill" . Like "Kuosmanen" , the researchers at Princeton University also advise deactivating the "Autofill" function in the browser . If you want to get an idea of the attack , you can also follow it yourself on a *demo website* set up by the research team.

Many websites include third-party tracking scripts that extract email addresses from login managers in the browser and send them to remote servers . This emerges from an analysis of around 50,000 websites by security researchers at Princeton University . Thus , over 1100 of these pages contained data-collecting JavaScript code from two different advertising companies .

As an Example : The autofill function must be active in the browser for automated retrieval of the e-mail addresses . After the user has consented to the persistent storage of the login data in the browser during the registration process on the website , the tracking script lurks on any subpage of the same domain . There it generates an invisible login form - and then simply waits until the login manager enters the requested data independently.

If you want , go check yourself ! >>> * https://senglehardt.com/demo/no_boundaries/loginmanager/ *
« Last Edit: January 07, 2018, 09:11:42 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek