Tracking Processors: Client Fingerprint Processor: Incident - Fingerprint Directory Indexing

Complexity: Low (2.0)

Default Response: n/a

Cause: The client fingerprint processor is designed to obtain a semi-unique identifier from the client's rendering engine. The fingerprint is a hash of data obtained through JavaScript, such as the plugin list, time zone, and screen resolution. In order to calculate a fingerprint, some binary resources such as Flash objects might be required. These resources are served from a known fake directory. This incident is triggered if the user attempts to get a directory index listing from that known fake resource directory.

Behavior: If an attacker discovers the script being used to collect and submit the fingerprint data, they might be interested in knowing what else is in the directory from which the fingerprint binary resources are served. As such, they can request a directory index listing from the fake directory. Because the directory is fake, there are no files to list, but the simple act of attempting to get the listing is indicative of abusive behavior. If an attacker were able to obtain a directory index listing, they could attempt to exploit some of the other resources in the directory, or gain information about the website that would otherwise not be available. Any attempt to index the directory results in a 403, which yields no useful information to the attacker. This is usually part of a spidering effort and targets "Predictable Resource Location" vulnerabilities.
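The detection described above, as an added example that is not the product's own code: a request for the decoy directory itself (rather than a file inside it) raises the incident and is answered with a 403, with path canonicalization so that encoding or dot-segment tricks do not disguise the listing attempt. The decoy path `/fp-resources/` and the access-log lines are constructed for illustration.

```python
# Added example (not the product's code): detection logic for the
# "Fingerprint Directory Indexing" incident. Decoy path and log lines are constructed.
import posixpath
from urllib.parse import unquote, urlsplit

DECOY_DIR = "/fp-resources/"   # assumed decoy directory for fingerprint binaries
INCIDENT = "Fingerprint Directory Indexing"

def normalize_path(raw_target):
    """Canonicalize a request target so percent-encoding, '//', '/./' and
    '..' segments cannot disguise a request for the directory itself."""
    path = unquote(urlsplit(raw_target).path) or "/"
    trailing = path.endswith("/")
    norm = posixpath.normpath(path)          # collapses '//', '/./', 'x/..'
    if trailing and norm != "/":
        norm += "/"                          # keep the directory marker
    return norm

def is_directory_index_attempt(method, raw_target):
    """True when the client asks for the decoy directory itself; a file inside
    it (the Flash object) is a normal fingerprint fetch and is not flagged."""
    if method.upper() not in ("GET", "HEAD"):
        return False
    return normalize_path(raw_target) in (DECOY_DIR, DECOY_DIR.rstrip("/"))

def handle_request(method, raw_target):
    """Return (status, incident): index attempts get a 403 and raise the
    incident, so the listing yields nothing; everything else passes through."""
    if is_directory_index_attempt(method, raw_target):
        return 403, INCIDENT
    return 200, None

def scan_access_log(lines):
    """Return (client_ip, target) for each common-log-format line that
    would have raised the incident (for retroactive review)."""
    hits = []
    for line in lines:
        f = line.split()
        if len(f) >= 7 and is_directory_index_attempt(f[5].lstrip('"'), f[6]):
            hits.append((f[0], f[6]))
    return hits

# Constructed log: one legitimate fingerprint fetch followed by three listing
# attempts against the decoy directory, each using a different evasion.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /fp-resources/fp.swf HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /fp-resources/?C=M;O=D HTTP/1.1" 403 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /fp-resources/../fp-resources/ HTTP/1.1" 403 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET %2Ffp-resources%2F HTTP/1.1" 403 0',
]
```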