Browser fingerprint tool

havochavoc OGContent WriterSenpai

Made a thing and wanted to show it off :)

A tool that displays what the website can see from your browser on fingerprinting etc.

https://tls.obsidian.place/

Loads of sites out there that do similar but wanted my own since I'm working on a project that deals with fingerprinting.

Returns json so that it is easily machine readable

Fully vibe coded, rust, app hooked into fail2ban, netcup vps

Thanked by (2)Not_Oles tentor

Comments

  • What can I use this for?

  • havochavoc OGContent WriterSenpai

    @imok said:
    What can I use this for?

    It's like a corkscrew - unless you happen to be opening wine bottles probably not much use to you.

    Discovered servers can deduce how far you are based on latency based on the "ja4l_c": "7532_56" factor - correct answer for me is 844 km which is pretty much bang in the middle of the estimate:

  • havochavoc OGContent WriterSenpai

    @havoc said:

    @imok said:
    What can I use this for?

    It's like a corkscrew - unless you happen to be opening wine bottles probably not much use to you.

    Discovered servers can deduce how far you are based on latency based on the "ja4l_c": "7532_56" factor - correct answer for me is 844 km which is pretty much bang in the middle of the estimate:

    To answer your question though - it's a target for my coding agent to develop against - and it seems to be working well:

    The smoke run worked and now shows the fingerprint fields. The wreq Chrome 149 impersonation is producing a real Chrome-shaped TLS/HTTP2 fingerprint:
    
         - ja3_hash: 65cbdb653e4cc167xx                                                                                                             
         - ja4: t13d15xx_8daaf6xx_d8a2xx — this is a Chrome-shaped JA4 (t13 = TLS 1.3, d = destination, 15 = 15 cipher suites, 16 = 16 extensions,
          h2 = HTTP/2 ALPN)
         - akamai_fingerprint (HTTP/2 SETTINGS): 1:655xx,s,p — this is the HTTP/2 SETTINGS frame fingerprint, with
         pseudo-header order m,a,s,p (:method, :authority, :scheme, :path) which is Chrome's order.
         - akamai_fingerprint_hash: 52d84b11737d980axx
    
         This is exactly the full-stack mimicry Phase 6 promised: TLS/JA4 + HTTP/2 SETTINGS + pseudo-header order, all Chrome-shaped. The JA4 t13xx6h2_...
         matches real Chrome 149.
    
         The user_agent shows Chrome/149.0.0.0 on Mac — that's the default platform for the emulation (since I used "chrome" → Chrome149 with default
         platform which wreq_util sets; apparently macOS is the default).
    
         This is a great result — it proves the wreq engine is producing a genuine Chrome fingerprint
    
         Done — and this target is the interesting one because it echoes the TLS/HTTP-2
         fingerprint back. The wreq R1 path returned 200 / Usable and the fingerprint fields
         confirm the full-stack Chrome 149 mimicry Phase 6 promised
    
  • reminds me of peet's version https://github.com/pagpeter/TrackMe.

    tls fingerprinting has been solved for a while, it's more device fingerprinting that is harder to get around.

    Thanked by (1)havoc
  • havochavoc OGContent WriterSenpai

    @tbnuser said:
    reminds me of peet's version https://github.com/pagpeter/TrackMe.

    tls fingerprinting has been solved for a while, it's more device fingerprinting that is harder to get around.

    Well spotted! That was actually the starting point - though didn't know the source was available. Had an LLM look at the json output and create a similar tool then added more stuff

    it's more device fingerprinting that is harder to get around.

    Yeah, not shooting for perfect here. Trying to make a fetch tool for LLMs & that'll be a staggered approach..and if nothing works last step is kick it over to a commercial scrape provider. Those have decent free tiers so if I can DIY catch the majority that is a help in staying within limits

Sign In or Register to comment.