Effect of Firefox’s “Responsive Design Mode” on the browser’s fingerprint

Today I switched ON the "Responsive Design Mode" under the "Web Developer" Section of the Firefox menu, and from the dropdown menu selected "iPhone X/XS iOS 12".

So now every webpage I visited was being sent the request that the screen size of my device was "375×812".

My question is that, can this method enhance my protection against browser fingerprinting(assuming I also take some other precautions)? Because the websites now wouldn’t be able to know my original aspect ratio/screen resolution, and above 2 iPhones are quite common too(I am using a laptop).

I earlier tried to scale the Firefox window to nearly the aspect ratio of a mobile phone, but that didn’t make any differnce at all.

Note:

(i) In the context of this question my adversaries are only the companies and their websites,and not the Governments & ISPs.

(ii) I am just asking about the effect of this method on my browser’s fingerprint, that is, whether it will increase or decrease the fingerprint. Be advised: I am not using this as the only method.

(iii) Firefox version: 78.0.2

(iv) OS: some linux distro.

When I try to SSH into my computer through its public IP the server’s host key fingerprint is different?

When I SSH into it through my local network, and when I actually go and check with ssh-keygen I get 1 rsa fingerprint. And when I try to SSH in though my public IP I get a different host fingerprint shown in putty. This host fingerprint does not appear to be the fingerprint of any of the host keys (or even client keys, I checked) on my server. It is totally unknown to me.

Am I the victim of an attempted man-in-the-middle attack? And if so, is there anything I can do so that I can actually SSH into my server remotely without compromising my server’s security?

Can I bypass basic auth to fingerprint a web server with Httprint or netcat?

There is a web server I’d like to recon using httprint.

But that web server has a basic auth protection on 443. Port 80 is not responding When I lauch httpint, it says “Unspecified Error”

The same thing happens with netcat. It fails because of Basic Auth (ie “Connection Refused”) When basic auth is disabled, both netcat and httprint work well.

How can I bypass basic auth for fingerprinting a web sever ?

How to configure a VM to protect all my hardware fingerprint from guest OS and softwares?

This question was originally Does Firefox in VM have a common enough fingerprint so I don’t need tor browser? in Tor community.

I want to know about what a web browser’s fingerprint like in a VM, if VM runs a common OS and have default system settings. Can VM be configured to not have any of host machine’s fingerprint?

(Here I just want to ask about fingerprint, ignoring IP addresses, web scripts and tracking cookies)

Here the VM software we discuss would better be FOSS, like Virtualbox or qemu.

That question could be on not just web browser, but also other kind of softwares.

Fingerprint mismatch only for 32-bit DLL linked statically to FIPS Capable OpenSSL

Appreciate any help on the following.

1) Built OpenSSL Fips Module and then ‘static binaries’ of FIPS capable OSSL which ‘statically link to the windows run-time’. Thus, my application binary (FipsApp.exe) does not depend on OSSL DLLs.

2) Consumed these static binaries namely (libeaycompat32.lib, libeayfips32.lib and ssleay32.lib) into myapp.dll using msincore.pl.

3) FipsApp.exe calls function foo() inside myapp.dll which executes FIPS_mode_set() which returns (100:error:2D06B06F:lib(45):func(107): reason (111):/FIPS/FIPS.c:232)

Result

1) On executing 64-bit FipsApp.exe, the FIPS mode gets set and working with 64-bit myapp.dll

2) But on executing 34-bit FipsApp.exe which uses 32-bit myapp.dll with same configuration, FIPS_mode_set() fails with reason 111 (Fingerprint mismatch)

Attempted

Since above 32-bit myapp.dll did not work, some additional configuration changes were made.

1) ReBuilt 32-bit myapp.dll with above LFLAGS “/DynamicBase:No /Fixed”. Here default base address gets used for myapp.dll

2) ReBuilt 32-bit myapp.dll with base address of 0xFB00000. (OSSL does same thing for FIPS dlls)

3) Checking out following http://openssl.6102.n7.nabble.com/FIPS-Static-Library-linked-into-Win32-Dll-builds-but-fails-self-test-td63011.html

But 32-bit myapp DLL does always fail with fingerprint mismatch.

Question

How do I get 32-bit myapp.dll working in FIPS mode? FIPS_mode_set() returns (100:error:2D06B06F:lib(45):func(107): reason (111):/FIPS/FIPS.c:232)

Thanks.

Fingerprint FTP services without Banner message

I want to write a python script that is able to fingerprint ports on a server to identify the FTP client running on the port.

While there is often a Banner message upon connection, this message is not reliable or can be removed easily.

Is there any tool / database etc available which can help to identify the different clients by behavior? e.g. by digging through source code i noticed that the PyFTPd Server uses the message “I’m going to ignore this command…” which can be used to identify that service.

I am happy for any help, as many FTP commands are supported and included in all daemons so it is difficult to find all the differences… I am trying to distinguish between

vsftpd pureftpd proftpd pyftpd 

Is what fingerprint scanners in mobiles store a stealable value?

If a fingerprint scanner were a human it would probably be like this:

  1. take a photo of the finger presented for authentication
  2. check it against the original photo to determine if it’s the same.

This would lead to the problem that the process has a copy of the scanned finger and anyone stealing this then owns/pwns a ‘password’ of mine that I can never change. Obviously they may have other challenges in using that password, but they have it nonetheless, so if an opportunity arises they can use it.

I’ve stayed away from using my fingerprint scanner on my phone (FWIW Moto G5s) because I’m not sure whether it’s a risk like the above.

Is the data that real phone fingerprint scanners generate and store for comparison something that can be stolen? Or is it something that’s always going to be unique to that device – e.g. is it salted or such?

And if it is sensitive, do apps that use the scanner have access to it, or would that normally be left to the phone’s OS (Android in this case) and an app just gets back an un/authenticated response?

Asking because I’m trying to answer:

  1. Does my phone have a stealable copy of my unchangeable fingerprint on it (e.g. attacker steals device, could get access to my fingerprint – or access to some data that would be enough to present as my fingerprint)

  2. Does my phone’s OS have a stealable copy? I ask this because I’m wondering whether that means I’m trusting it to Google / Apple etc.

  3. Do my phones’s apps have access to that? (obviously this vastly increases the vulnerability area if so)

I’ve looked online and I understand that scanners don’t usually store a photographic scan, but some key things that can identify unique properties, but if those unique properties are … unique … then they could be stealable?

How do i configure the fingerprint scanner?

I’m new to the linux world in general and ubuntu…I read a few threads and tried out some of the solutions posted but couldn’t get it to work. I have an ASUS UX430UA and the fingerprint scanner is Elan Microelectronics Corp. as listed under lsusb. Can someone help me install it and make it work? (remember I’m new and have no idea how to install things and clueless about what I’m doing when I type in the terminal) Thanks in advance