WEB TRACKING FOR YOU

Black Hat USA 2012

Presented by: Gregory Fleischer
Date: Wednesday July 25, 2012
Time: 15:30 - 16:30
Location: Romans I-IV
Track: Gnarly Problems

There has been a lot of conversation recently around the privacy-degrading techniques used by shady online advertisers, faceless megacorps, and social network overlords to track users across the web. But, after all the recriminations and fancy infographics about the supposed loss of privacy, where does that leave people who need to implement tracking of website visitors? People seem so distracted with "punch the monkey" advertising cookies that they have lost a sense of the need to legitimately track and identify potential bad actors.

This talk is a technical examination of the tracking techniques that can be implemented to identify and track users via their web browsers. The key concepts of active and passive fingerprinting, tracking, and user unmasking are discussed in detail. From the humble browser cookie to more advanced techniques to sidestep private browsing modes, the most effective approaches are discussed in relation to the various web browsers across operating systems and desktop and mobile environments.

At the conclusion of the presentation, an open source tracking server will be released that implements the techniques covered in the talk. Several utilities to facilitate injection of tracking content and correlation of collected data will also be made available. These tools will be suitable to deploy on your network to track web users or on your local machine in a standalone "Track Yourself" mode.

Gregory Fleischer

Gregory is a Senior Security Consultant in the Application Security practice at FishNet Security, where he conducts security assessments against a wide variety of web and mobile applications. In his spare time, he likes to find and exploit vulnerabilities in web browsers and client-side technologies such as Java and Flash, and to work on open source security tools. He has an interest in privacy and anonymity and has worked with The Tor Project to identify potential issues. Gregory has previously spoken at the Black Hat USA and DEFCON security conferences.

