Keeping Javascript from leaking browser/system information
Jan. 18, 2016, 01:38 AM
Post: #1
Hello there.

How would I go about creating a web filter that would prevent information pertaining both browser and system from being undisclosed by this particular page: https://www.browserleaks.com/javascript ?

I've tried both "Kill Nosey JavaScripts" and "Hide Browser's Identity from JS", but to no avail.

Browsing with Opera 12.14.

Thanks for your time and sorry for the inconveniences.

"He that believeth on the Son hath everlasting life: and he that believeth not the Son shall not see life; but the wrath of God abideth on him" - John 3:36
Jan. 19, 2016, 05:34 AM
Post: #2
RE: Keeping Javascript from leaking browser/system information
First merge

Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Content-Type: Fix application/javascript (In)"
Match = "application/javascript"
Replace = "text/javascript; PrxMsg: Fixed acc. to Original: application/javascript"

(Jan. 18, 2016 01:38 AM)Greyhat Harry Wrote:  How would I

Quick easy answer is, enable "Disable JavaScript". ;)

You can block suspect scripts but they can rename or obfuscate them.

You can rename like
Code:
Name = "Stop OnMouseOver events"
Active = FALSE
Limit = 20
Match = "onmouseover="
Replace = "OnPheasantOver="
but they can obfuscate "onmouseover=".

Sometimes you can specify a value before they can read it.
Code:
Name = "Hide Browser's Referrer from JS"
Active = TRUE
Limit = 15
Match = ".referrer"
Replace = ".referrer.substr(0,0)+"\u""

Unfortunately, preventing disclosure may mark you as unique...

You might find https://www.torproject.org/projects/torbrowser/design/ interesting.

(Jan. 18, 2016 01:38 AM)Greyhat Harry Wrote:  I've tried both "Kill Nosey JavaScripts" and "Hide Browser's Identity from JS", but to no avail.

"Kill Nosey JavaScripts" missed due to its bounds.
"Hide Browser's Identity from JS" miss was due to the server's use of the application/javascript content type. The header filter you merged changes application/javascript to
Code:
Content-Type: text/javascript; PrxMsg: Fixed acc. to Original: application/javascript

HTH
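The miss described in post #2, modelled as an added example (this is not code from the thread or from Proxomitron). It assumes body filters only run on the content types listed in `FILTERABLE`, and that `\u` in the Replace field expands to the URL of the resource being filtered; all function names and the sample response are constructed for illustration.

```javascript
// Simplified model of the proxy pipeline; not Proxomitron's own implementation.
// ASSUMPTION: body (web page) filters are applied only to these content types.
const FILTERABLE = ["text/html", "text/javascript"];

// The merged header filter: Match "application/javascript", Replace as in the post.
function fixContentType(headers) {
  const ct = headers["Content-Type"] || "";
  const fixed = ct.replace("application/javascript",
    "text/javascript; PrxMsg: Fixed acc. to Original: application/javascript");
  return { ...headers, "Content-Type": fixed };
}

function mediaType(headers) {
  return (headers["Content-Type"] || "").split(";")[0].trim().toLowerCase();
}

// "Hide Browser's Referrer from JS": .referrer -> .referrer.substr(0,0)+"\u"
// ASSUMPTION: \u stands for the URL of the filtered resource (pageUrl here).
function hideReferrer(body, headers, pageUrl) {
  if (!FILTERABLE.includes(mediaType(headers))) return body; // filter never runs
  return body.split(".referrer")
             .join(".referrer.substr(0,0)+" + JSON.stringify(pageUrl));
}

function proxy(response, pageUrl, headerFilterMerged) {
  const headers = headerFilterMerged
    ? fixContentType(response.headers) : response.headers;
  return { headers, body: hideReferrer(response.body, headers, pageUrl) };
}

// Run the (possibly rewritten) script against a stand-in document object
// and report the referrer value the script ends up with.
function whatScriptSees(body, trueReferrer) {
  return new Function("document", body + " return r;")({ referrer: trueReferrer });
}

// Constructed sample: a script served as application/javascript.
const PAGE = "https://example.test/leak.js";
const sample = { headers: { "Content-Type": "application/javascript" },
                 body: "var r = document.referrer;" };

const before = proxy(sample, PAGE, false); // body filter skipped, script untouched
const after = proxy(sample, PAGE, true);   // header fixed first, body rewritten
console.log(whatScriptSees(before.body, "https://previous.example/"));
console.log(after.headers["Content-Type"]);
console.log(whatScriptSees(after.body, "https://previous.example/"));
```
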
Jan. 22, 2016, 02:48 AM (This post was last modified: Jan. 22, 2016 02:51 AM by Greyhat Harry.)
Post: #3
RE: Keeping Javascript from leaking browser/system information
Thank you JJoe! That's exactly what I needed. Sorry also about the delay.

I understand there's no silver bullet when it comes to this, but figuring things out on a per-page basis (while following the pattern you've provided), is good enough for the kind of task I have before me. Truth to be told, there's hardly any website for which I'd bother turning javascript on (the page I've linked to isn't one of them, yet it's technically very similar to the one I'm actually interested in), and everything else I handle with bare, minimum functionality.

As touching uniqueness, not a problem in this case either, though I personally lean towards full secrecy, for even plausible deniability has limited value where the rule of law's been systematically trodden under foot.

Jan. 22, 2016, 09:40 AM
Post: #4
RE: Keeping Javascript from leaking browser/system information
(Jan. 19, 2016 05:34 AM)JJoe Wrote:  
(Jan. 18, 2016 01:38 AM)Greyhat Harry Wrote:  How would I

Quick easy answer is, enable "Disable JavaScript". ;)

You can block suspect scripts but they can rename or obfuscate them.

Greyhat Harry,

you really will find that your *BEST* answer really is to DISABLE JAVASCRIPT !!!...
only use javascript on the HANDFUL of sites that you REALLY 'need it'...

you will find that you are chasing your tail "trying" to block suspect scripts...
and that the ONLY time that you even find yourself trying to block them is *AFTER* they already did what they sought out to do...
so in a sense, WHY even block it after-the-fact, the "damage is already done"...
Jan. 24, 2016, 02:47 AM
Post: #5
RE: Keeping Javascript from leaking browser/system information
I know virtually not a thing about javascript other than the fact that it's interpreted and mostly used for evil purposes, but having a programming background, I recalled my TRS-80 Model I Basic days, and I figured there may be certain statements available to Opera's implementation of the language that could potentially be parsed out so that they won't be used at all by the script. Kind of like the classic "mem" which reveals whatever amount of memory's available to the program, and failing to use it would render it unable to tell one way or the other about this particular aspect of the system.

I started using Proxomitron many moons ago, about the time I came across another app (now defunct and virtually useless, unlike good ole' Proxo) called Multiproxy, and I even managed to interface them together, but not once did I ever touch javascript, only html, thus all I needed was a lil push in the right direction :)
