Choose: Simple Style

Fingerprinting HTTP/2

║▌║▌│█║▌║│█│█║║

/Tracking/Fingerprinting/passive/http2/

  • $ fingerprint@info:~ echo $HTTP2

  • Name:

    HTTP/2

    Original feature purpose:

    HTTP/2 (HTTP version 2) enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. For more details see, e.g., IETF HTTP Working Group's HTTP/2 GitHub page.


    FP-Explanation:

    As defined in RFC7540, each client can choose and set the desired HTTP/2 parameters and values.
    The fingerprint used in this demonstration is an extended version of the original HTTP/2 fingerprint proposed by Akamai researchers. Fundamentally, it is a concatenation of settings and parameters, which are client-dependent. The logging and extraction procedure of HTTP/2 parameters starts if a HTTP/2 capable client accesses a resource on the server and establishes a connection.

    The HTTP/2 fingerprint follows this scheme:

    [SETTINGS]|WINDOW_UPDATE|PRIORITY|Pseudo-Header-Order|HEADERS_FRAME|WINDOW_UPDATE*

    On this demo page, JavaScript is only used to style the page and to display the HTTP/2 fingerprint. The fingerprint is generated completely server-side. The (HTTP/2 capable) client only has to try to access a URL to trigger this fingerprint technique.


    FP-Type:

    passive

    FP-Categories:

    software-dependent, consistent

    Counter-measures:

    • Disable HTTP/2
      Description: Disable HTTP/2 via browser settings or Addon to block HTTP/2 Fingerprinting.
    • Do not change default HTTP/2 values
      Description: Changing default values in your browser settings will make you more unique.

    Publications/References:


  • $ fingerprint@info:~ run http2-demo

    • Demo:

    >> Jump to HTTP/2 Fingerprinting Demo <<


HTTP/2 Fingerprinting

Show HTTP/2 Fingerprint
Your HTTP/2fp is: Click the button above to show your HTTP/2 fingeprint
Your HTTP/2fp hash is: ---
Your User Agent is: ---



Requested resource via HTTP/2:



Example HTTP/2 Fingerprints:

http2 Fingerprint User Agent
[3:1000;4:6291456]|15663105|0|m,a,s,p|0,0,256,1 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.101 Safari/537.36 OPR/40.0.2308.62
[1:65536;3:1000;4:6291456]|15663105|0|m,a,s,p|0,0,220,11 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.37
[1:65536;3:1000;4:6291456]|15663105|0|m,a,s,p|0,0,147,1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/68.0.3440.106 Chrome/68.0.3440.106 Safari/537.36
[4:131072;5:16384]|268369921,3:0:201:0,5:0:101:0,7:0:1:0,9:7:1:0,11:3:1:0|m,p,a,s|0,11,32,0 Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0
[4:131072;5:16384]|12517377,3:0:201:0,5:0:101:0,7:0:1:0,9:7:1:0,11:3:1:0|m,p,a,s|0,11,12,0 Mozilla/5.0 (Windows NT 6.1; rv:47.0) Gecko/20100101 Firefox/47.0
[1:65536;4:131072;5:16384]|12517377|3:0:201:0,5:0:101:0,7:0:1:0,9:7:1:0,11:3:1:0|m,p,a,s|0,11,22,0 Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
[1:65536;4:131072;5:16384]|12517377,3:0:201:0,5:0:101:0,7:0:1:0,9:7:1:0,11:3:1:0,13:0:241:0|m,p,a,s|0,11,12,0 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
[1:4096;4:32768;5:16384]|12517377,3:0:201:0,5:0:101:0,7:0:1:0,9:7:1:0,11:3:1:0,13:0:241:0|m,p,a,s|0,7,12,0 Mozilla/5.0 (Android 6.0.1; Mobile; rv:60.0) Gecko/60.0 Firefox/60.0

HTTP/2 fingerprint scheme:

[SETTINGS]|WINDOW_UPDATE|PRIORITY|Pseudo-Header-Order|HEADERS_FRAME|WINDOW_UPDATE*



Detailed Glossary:

SETTINGS Parameters Description
SETTINGS_HEADER_TABLE_SIZE (0x1): Allows the sender to inform the remote endpoint of the maximum size of the header compression table used to decode header blocks, in octets.
SETTINGS_ENABLE_PUSH (0x2): This setting can be used to disable server push.
SETTINGS_MAX_CONCURRENT_STREAMS (0x3): Indicates the maximum number of concurrent streams that the sender will allow.
SETTINGS_INITIAL_WINDOW_SIZE (0x4): Indicates the sender's initial window size (in octets) for stream-level flow control. The initial value is 65,535 octets.
SETTINGS_MAX_FRAME_SIZE (0x5): Indicates the size of the largest frame payload that the sender is willing to receive, in octets.
SETTINGS_MAX_HEADER_LIST_SIZE (0x6): This advisory setting informs a peer of the maximum size of header list that the sender is prepared to accept, in octets.


WINDOW_UPDATE Description
Window Size Increment: The legal range for the increment to the flow-control window is 1 to 2,147,483,647 octets.


PRIORITY Description
E: A single-bit flag indicating that the stream dependency is exclusive.
Stream Dependency: A 31-bit stream identifier for the stream that this stream depends on.
Weight: An unsigned 8-bit integer representing a priority weight for the stream. Weight value between 1 and 256.


Pseudo-Header-Order Description
:method This pseudo-header field includes the HTTP method.
:scheme This pseudo-header field includes the scheme portion of the target URI.
:authority This pseudo-header field includes the authority portion of the target URI.
:path This pseudo-header field includes the path and query parts of the target URI.


HEADERS_FRAME Description
Pad Length: An 8-bit field containing the length of the frame padding in units of octets. This field is only present if the PADDED flag is set.
E: A single-bit flag indicating that the stream dependency is exclusive. This field is only present if the PRIORITY flag is set.
Stream Dependency: A 31-bit stream identifier for the stream that this stream depends on. This field is only present if the PRIORITY flag is set.
Weight: An unsigned 8-bit integer representing a priority weight for the stream. Weight value between 1 and 256. This field is only present if the PRIORITY flag is set.
Header Block Fragment: A header block fragment.
Padding: Padding octets.