BrowserAutomationStudio 21.5.1 has been released


  • administrators

    Version 21.5.1 has been released. It contains many changes related to browser anonymity. Let's take a closer look at them:

    Modern browsers support an API for working with sound. Using this API, a site can generate and process sound, as well as access the binary data. Similar to Canvas and WebGL, the sound data also contains slight differences depending on the hardware, browser and system. These differences can be used to identify you among other users of the site, even when using a proxy. The new version supports audio fingerprinting: BAS adds different noise patterns to the returned audio data each time the fingerprint changes. In addition, this API also gives access to various system parameters related to sound. BAS replaces these parameters; the values are taken from real devices using the FingerprintSwitcher service.

    More information about this technique can be found in paragraph 6.4 of this article: http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf
    On this site you can get the audio fingerprint for your browser: https://audiofingerprint.openwpm.com/

    A site can obtain information about the system language in several ways: from the Accept-Language header, from the navigator.language and navigator.languages properties, as well as from the internationalization API. These properties may contain not just one but several languages, and the Accept-Language header has a different format depending on the system. These differences are one of the browser fingerprinting factors. After a short test, it was discovered that for 20,000 users there are 751 unique values of the Accept-Language field. Of course, replacing these fields with real values from another device would be wrong, because it would create a discrepancy between the system language and the current proxy. Therefore, an algorithm was developed that "connects" the country / language of the current IP and the format of real fields from a real device. For example, if the original header was ru-RU,en-US;q=0.9, and the proxy is in Germany, the result would be de-DE,en-US;q=0.9. The algorithm correctly preserves the format and removes additional languages; for example, a field such as ru, uk;q=0.8, be;q=0.8, en;q=0.7, *;q=0.01 will be replaced with the following: de, en;q=0.8, *;q=0.01. The current IP, country, and language are obtained after changing a proxy.

    More information about Accept-Language: https://tools.ietf.org/html/rfc7231#section-5.3.5
    Results of testing the algorithm: https://pastebin.com/raw/mmgVmbyb

    One of the hardware properties that can be accessed from the web is the battery charge. The research in the article below shows that this information is not dangerous for the user, because it allows tracking him only in the short term. Indeed, the battery charge is constantly changing, and it is impossible to predict what values it will have after a long time. However, this method can be useful for tracking mass actions. Imagine that you are running BAS from a laptop, and the site sees thousands of registrations from a device whose charge is 56%, and 35 minutes are left until the end of charging. Of course, you can run the software only on a device without a battery or from a fully charged laptop, but this can also be suspicious, especially when using mobile fingerprints. Therefore, the decision was made to emulate the charging / discharging of the battery, as well as all the events and values returned by the API on devices that have a battery. Information about battery availability is provided by FingerprintSwitcher. Here's how it might look: https://i.imgur.com/tDnZFDl.png. On the chart you can see that the values are gradually decreasing.

    Article about battery fingerprints: https://eprint.iacr.org/2015/616.pdf
    Check the battery API for your browser: https://fingerprints.bablosoft.com/battery

    BAS uses a certain amount of auxiliary code for searching for elements on the page, implementing recaptcha injections and other tasks. Until now, the software could be detected by checking for the presence of this functionality, so in the new version it is hidden: all the function names are generated randomly and are different for each thread. The mechanism for injecting fingerprints has been reworked. Earlier, BAS relied on constructions like Object.defineProperty(...); now the substitution occurs inside the browser. The old method is used only to change the list of plugins and in places where it is absolutely necessary. For example, Chrome, unlike Firefox, does not support the API for working with VR helmets. Therefore, JavaScript is used to emulate this functionality. The bypasses for some of the other methods that are used to determine the browser engine have also been rewritten in C++.

    The mouse emulation has been improved. When moving to an element which is not visible on the screen, the mouse wheel is used to scroll the page, and not JavaScript as before. If the element is far beyond the visible area, the speed of the scroll is much faster than if it is very close. Here's how it looks: https://i.imgur.com/IdH2edf.gifv. The initial position of the cursor is chosen randomly, and not in the upper left corner as before. The frequency of generating events associated with the movement of the mouse has been increased.

    Header order emulation was temporarily removed after moving to the tunneling technique for implementing proxies. Now this functionality is reimplemented. The order of the headers is taken from real devices.

    Added the ability to save a fingerprint in the profile folder and load it from there when applying a profile. When you receive information about the current profile, you can find out if it contains a fingerprint; the result will be returned to the HAS_FINGERPRINT variable.

    The font replacement algorithm has been completely rewritten. Previously, BAS was injected into the browser process "on the fly" and replaced some system calls; now the same effect is achieved by changing the source code of the browser. The new implementation allows you to change the font set without restarting the browser, as well as get rid of some bugs. For now, for full-fledged work, it is desirable that as many fonts as possible are installed on the machine on which BAS runs. Later, new fonts will be generated by adding noise, even without actually being present on the system.

    Flash tunneling support added. This means that absolutely all requests that the Flash process makes will pass through the given proxy. Also note that Flash has much greater capabilities than JavaScript, and therefore enabling Flash makes your browser more detectable. In BAS, techniques to make Flash more secure, as is done with JavaScript, will most likely not be used, because its support will be terminated by Adobe in 2020: https://theblog.adobe.com/adobe-flash-update/. For a Flash element smaller than a certain size, Chrome asks the user to confirm its launch; the new BAS version behaves as if the user automatically agrees to this (if Flash is turned on).

    You can check the IP returned by Flash on this site: https://whatleaks.com/

    Some other changes which don't concern browser fingerprints:

    The web interface can now use localStorage to store software settings between launches.

    Calling the BAS_API method inside Node.js now throws an exception in case of an error. Now you can do this:

    try
    {
    	await BAS_API(`load("wrongurl11111.com")!`)
    }catch(e)
    {
    	console.log(`Something went wrong: ${e}`)
    }
    

    There is a new setting for protected application: "Allow only single instance of the application."

    BAS executables are now signed. This allows them to quickly pass the SmartScreen challenge on Windows 10, as well as to avoid antivirus false positives.

    Edge scrolling is implemented in scenario editor.

    Lots of bugs were fixed, the most important are:

    Fixed a bug with using the referrer header and page redirection.
    Network errors when loading a project no longer report the server URL.
    Fixed the corruption of the previous project after a failed load of a new one.

    When switching to the new version, old projects will work in the old way. If you want to use the new functionality, you need to start editing the 'Proxy', 'Apply fingerprint' and 'Get fingerprint' actions and click Ok without changing anything.
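
The Accept-Language passage above, seen from the site's side, as an added example (not BAS code and not part of the original post): JavaScript that reduces a header to its format signature, the layout that stays constant when only the language is swapped, and compares the top language with navigator.languages and a GeoIP country. The function names, finding labels and sample inputs are assumptions made for this illustration.

```javascript
// Added example: server-side Accept-Language checks (RFC 7231 section 5.3.5).

// Split a header into { tag, q } entries, highest quality value first.
function parseAcceptLanguage(header) {
  return header.split(',')
    .map((part) => {
      const [range, ...params] = part.split(';').map((s) => s.trim());
      const qParam = params.find((p) => /^q=/i.test(p));
      const q = qParam === undefined ? 1 : Number(qParam.slice(2));
      return { tag: range.toLowerCase(), q: Number.isNaN(q) ? 0 : q };
    })
    .filter((e) => e.tag !== '')
    .sort((a, b) => b.q - a.q);
}

// Layout of the header with the languages abstracted away: spacing, q-values
// and the wildcard stay verbatim, each language range becomes "L" or "L-R".
function formatSignature(header) {
  return header.split(',')
    .map((part) => {
      const lead = part.match(/^\s*/)[0];
      const [range, ...params] = part.trim().split(';');
      const r = range.trim();
      const shape = r === '*' ? '*' : r.includes('-') ? 'L-R' : 'L';
      return lead + [shape, ...params].join(';');
    })
    .join(',');
}

const primary = (tag) => tag.toLowerCase().split('-')[0];

// Returns inconsistency labels; an empty list means nothing to report.
// navigatorLanguages: value a page script read from navigator.languages.
// ipCountry: ISO 3166 alpha-2 code from a GeoIP lookup (assumed input).
function languageFindings(header, navigatorLanguages, ipCountry) {
  const top = parseAcceptLanguage(header).find((e) => e.tag !== '*');
  if (!top) return ['no-language'];
  const findings = [];
  if (navigatorLanguages.length === 0 ||
      primary(navigatorLanguages[0]) !== primary(top.tag)) {
    findings.push('header-vs-navigator');
  }
  // Only a two-letter second subtag is treated as a region (de-DE, en-US).
  const region = top.tag.split('-')[1];
  if (region && region.length === 2 && region.toUpperCase() !== ipCountry.toUpperCase()) {
    findings.push('region-vs-ip');
  }
  return findings;
}
```

Both findings are weak signals on their own, since travellers and expatriates produce them legitimately; they are inputs to a score, not a verdict.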
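
The battery scenario above (many registrations from one device at 56% with 35 minutes of charging left), as an added example that is not part of the original post: a JavaScript detector that links sign-up events by the projected moment at which charging or discharging ends. It assumes the remaining-time estimate counts down roughly with the clock; the function names, thresholds and event layout are hypothetical, and the sample events are constructed with documentation-range IP addresses.

```javascript
// Added example: link sign-up events that share one physical battery.
// Event fields mirror the BatteryManager API; t is a Unix time in seconds.
// Assumption: t + remaining time stays nearly constant for one device.

function projectedEnd(ev) {
  const remaining = ev.charging ? ev.chargingTime : ev.dischargingTime;
  // 0 (already full) and Infinity (unknown) identify nothing, so skip them.
  return Number.isFinite(remaining) && remaining > 0 ? ev.t + remaining : null;
}

function batteryClusters(events, { toleranceSec = 120, minIps = 3 } = {}) {
  const usable = events
    .map((ev) => ({ ev, end: projectedEnd(ev) }))
    .filter((x) => x.end !== null)
    .sort((a, b) => Number(a.ev.charging) - Number(b.ev.charging) || a.end - b.end);

  // Walk the sorted list and start a new group whenever the gap is too large.
  const groups = [];
  for (const x of usable) {
    const group = groups[groups.length - 1];
    const last = group && group[group.length - 1];
    if (last && last.ev.charging === x.ev.charging && x.end - last.end <= toleranceSec) {
      group.push(x);
    } else {
      groups.push([x]);
    }
  }
  // Report only groups seen from several distinct addresses.
  return groups
    .map((g) => ({
      charging: g[0].ev.charging,
      size: g.length,
      ips: [...new Set(g.map((x) => x.ev.ip))],
    }))
    .filter((g) => g.ips.length >= minIps);
}

// Constructed sample: three sign-ups from different addresses that project the
// same end of charging, one unrelated laptop and one fully charged desktop.
const SAMPLE_EVENTS = [
  { t: 1000, ip: '192.0.2.10', charging: true, level: 0.56, chargingTime: 2100, dischargingTime: Infinity },
  { t: 1300, ip: '198.51.100.7', charging: true, level: 0.61, chargingTime: 1790, dischargingTime: Infinity },
  { t: 1600, ip: '203.0.113.5', charging: true, level: 0.66, chargingTime: 1520, dischargingTime: Infinity },
  { t: 1200, ip: '192.0.2.44', charging: false, level: 0.80, chargingTime: Infinity, dischargingTime: 9000 },
  { t: 1250, ip: '198.51.100.9', charging: true, level: 1, chargingTime: 0, dischargingTime: Infinity },
];
```

The grouping is single-linkage, so a long chain of closely spaced events can merge into one group; a production version would also cap the span of a group.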