Learn, hack!

URL

https://media.blackhat.com/bh-us-12/Briefings/Fleischer/BH_US_12_Fleischer_Implementing_Web_Tracking_gfleischer_Slides.pdf

File name

BH_US_12_Fleischer_Implementing_Web_Tracking_gfleischer_Slides.pdf

File size

17.3 MB

MD5

8c31ad91777cf0ddc800f4756bcc0f28

SHA1

62c94f7b8384e5e321668bcd8fe8200442094b80

There has been a lot of conversation recently around the privacy degrading techniques used by shady online advertisers, faceless megacorps, and social network overlords to track users across the web. But, after all the recriminations and fancy infographics about the supposed loss of privacy, where does that leave people who need to implement tracking of website visitors? People seem so distracted with "punch the monkey" advertising cookies that they have lost a sense of the need to legitimately track and identify potential bad actors. This talk is a technical examination of the tracking techniques that can be implemented to identify and track users via their web browsers. The key concepts of active and passive fingerprinting, tracking, and user unmasking are discussed in detail. From the humble browser cookie to more advanced techniques to sidestep private browsing modes, the most effective approaches are discussed in relation to the various web browsers across operating systems and desktop and mobile environments. At the conclusion of the presentation, an open source tracking server will be released that implements the techniques covered in the talk. Additionally, several utilities to facilitate injection of tracking content and correlation of collected data will also be made available. These tools will be suitable to deploy on your network to track web users or on your local machine in a standalone "Track Yourself" mode.