Taxonomy Posted July 24, 2015 Posted July 24, 2015 What all information can a website get about your computer? I know, IP what else?
Skizow Posted July 24, 2015 Posted July 24, 2015 (edited) What all information can a website get about your computer? I know, IP what else? Provider + which browser he is using. And cookies I guess Edited July 24, 2015 by Skizow
Taxonomy Posted July 24, 2015 Author Posted July 24, 2015 Provider + which browser he is using. And cookies I guess Can a website get my modem information? My PC hardware information? MAC address?
Eliot Posted July 24, 2015 Posted July 24, 2015 Can a website get my modem information? My PC hardware information? MAC address? Without an additional download: a) No. b) No. c) No.
Botre Posted July 24, 2015 Posted July 24, 2015 Without an additional download: No. No. No. You can use ActiveXObject objects in js and get the MAC and hardware info if the PC is using IE (not sure about the other browsers), I've also read about WebGL exploits to get hardware info (primarily GPU stuff but I think the article also mentioned CPU info) and that API is cross-browser so... Not sure if JavaScript scripts count as additional downloads either considering you can embed them in HTML files. The web ain't all that safe :x
Eliot Posted July 24, 2015 Posted July 24, 2015 You can use ActiveXObject objects in js and get the MAC and hardware info if the PC is using IE (not sure about the other browsers), I've also read about WebGL exploits to get hardware info (primarily GPU stuff but I think the article also mentioned CPU info) and that API is cross-browser so... Not sure if JavaScript scripts count as additional downloads either considering you can embed them in HTML files. The web ain't all that safe :x That only works in IE and probably requires user to allow plugin to run, if you figure out how to do it in a modern browser golf clap for you. Just double checked, you can get some hardware info in some browsers, but not a complete picture afaik.
Bobrocket Posted July 24, 2015 Posted July 24, 2015 Through use of various flash/java exploits you can get a lot of information. Been a long time since I looked into this stuff but I believe CVE-2014-0543 (not even sure if that's the right CVE) could grab hardware info since it could execute arbitrary code. The standard information someone can get from visiting a website without exploits includes: Whether or not you have JS enabled Whether or not you have a form of adblock Your IP Your country and rough area (through your IP) Your browser Your OS Your .NET version (some user agents submit this information, I believe only IE does this but no idea) Whether or not you are using a transparent proxy Your screen resolution and the resolution of your browser window Your local time + timezone Your referrer (the last site you visited) Here's a little example of the sheer amount of information you can grab from your user agent string: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0-I am using Firefox, version 39.0 -I am using Windows 7 (NT 6.1) -I am running a 32-bit browser on 64-bit architecture (WOW64) -I use the Gecko CSS engine (default firefox engine) -My Gecko engine is version "2010-01-01" 1
Taxonomy Posted July 24, 2015 Author Posted July 24, 2015 Can they get a computer ID / serial number off a website? Like what if i format my PC, will it still be the same?
Acerd Posted July 26, 2015 Posted July 26, 2015 Can they get a computer ID / serial number off a website? Like what if i format my PC, will it still be the same? i dont think your MAC Address can change (correct me if im wrong)
DeadlyLazy Posted July 28, 2015 Posted July 28, 2015 Everything. One minute you're feeling relatively safe, then you enter OSBot.org and then @Maldesto is sat in the tree outside your bedroom window with binoculars in his hands.
