I am working on a WebRTC gateway project and I have a need to access a browsers fingerprint and its algorithm from Javascript. I would like to access this information to send it via a WebSocket signaling channel. I expected to get the fingerprint and hash algo via the browsers answer SDP, but on chrome its missing.
I have searched for an answer and have had no luck.
Here is a screen shot showing the information I want to access (via webrtc-internals):
I'm looking for a cross-browser solution, but if it works in Chrome only for now that would be just fine. The parameters I want are shown in the image as "googFingerprint" and "googFingerprintAlgorithm".
Update: screen shot of the offer
Update: screen shot of the answer
Update: latest offer + answer
There is no known way to access the fingerprint via javascript in the browser. There is a known chrome issue directly related to this question (that I submitted). https://code.google.com/p/chromium/issues/detail?id=417949
Related
Is there any way to send ASCII symbol/character to USB via webpage (HTML)?
We have a local PC with a webpage running in kiosk mode. The webpage have a button that should send that symbol/character to USB. How it can be done?
Thanks for any help.
No.
Code running in web pages is sandboxed and has no direct hardware access in general and definitely no direct USB access.
It may actually be possible, though only by using an experimental feature that's only available in some browsers.
More specifically, there exists a draft specification of the WebUSB API which aims to give access to USB devices from the browser, albeit with some limitations for security reasons. For instance, Chrome requires the page to be served over HTTPS.
This feature is currently implemented in newer versions of Chrome and, according to MDN, Opera.
There is some more information about it on Google's blog.
Question is:
Is there any way to send ASCII symbol/character to USB via webpage
(HTML)?
I don't know if Electron Apps is what you call a webpage, but it is to me. If Electron App enters your usecase, you can access the NodeJS API, and therefore your machine.
This could be the answer you are looking for, if the only limitation you have for your question is the use of web languages (HTML, CSS, Javascript). If your limitation is give access to the world through a classic web browser, as #Quentin sayed in his answer, it is not possible.
Thanks god it's not possible.
I was entering my Google account recently and noticed that not only did it say which browser I was currently using - it also knew the exact name of the computer I was using. How is Google able to fetch these informations?
I have been browsing the internet for javascript methods that should give me computer name or similar - but I am sure that Javascript is not able to read these data. If for anything, the site should maybe contain a small java application that executes and fetches the data, but that would usually require for me to accept that java is running in the browser by clicking a modal opening box.
Then I thought maybe they executed some C code in the browser - but how do they do it and access data outside the browsers "sandbox"? A third theory I have is that when I installed the Google Chrome browser, it was able to pass along these details - but it didn't make sense neither when I note that it also knows my iPads exact name though I haven't installed any google applications on my ipad at all. (neither google maps, gmail, chrome or anything).
UPDATE 01/25/2016
I have given this some extra thought and seemed to stumble across something else. I went through possible solutions using node.js or Flash to do the same, but I recalled that Google writes everything in Python, which made me think if it was simple enough using Python. I found this post: How can I use Python to get the system hostname? and thought that this might be a way for Google to it. I don't know if this is still achievable when you are writing a website and if this is a browser-based method as well (mind you I am not Python programmer at any level).
I did some testing. I have 2 Google accounts, and what I found was that on my main account (which I use with Chrome), Google knows my computer name. On another account, I am logged in with Edge and Firefox, but neither of them show my computer name. It was not until I logged into the Chrome browser ITSELF (not the Google page) as a Chrome user that my second Google account showed the browser I was using.
I verified this on my laptop: I logged in with my second account into the Google website on a new user, which didn't update the computer name on either device in the security settings. Once I logged into the Google Browser with that account, it showed my computer name. So it looks like because you're logged into Google Chrome, Google knows your computer name.
Note that Google using a sandbox does not make any difference for this. It is trivial to find your computer name, all it takes is hostname in a command prompt.
the problem here is if there was a way to get dekstop name though headers that means the browser has that info and if it has there will definitely be some way of getting the name from javascript but there is not i support the above answer that the google uses some sync bad habits or it may be that it stores the ip address which btw we can get with headers this might be the case as with tokens and this ip address thing ddos attacks will be quite easier to deal with so this ip address storing might be true but still its just a guess
Because when you connect to Google they install cookie in your compputer for they know your information and for say you are alerady come here its Like ID Installor
Cookie its file (ID) when you connect to site, the site use this file for know if you alerady came here or not and they can get all your infos: IP, Computer Name, Access To WIFI I thing and create special and unique ID on your pc
that are why they know your computer name
I don't know you still want to know that or not but anyway,
Every requests that browser sends to loading every pages on the web has some headers, and this headers has some information about browser, referral url and etc..
The important one in this case is "User-Agent" header which includes information about browser, OS and few more information.
You could access the browsers User-Agent string using Java Script in client side via:
navigator.userAgent
and even in server side programming languages like PHP and ASP and etc.. .
This is and example User-Agent string of Safari browser on Macintosh Device:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
Also you can get yourself User-Agent string and all of analysed datas here
I'm planning to make a login system by USB, so if you put in a USB-drive and open a specific webpage, the website asks the USB-drive for the code (e.g. by a JavaScript file, a redirect or something like that).
The problem is, because of sandboxing, you can't load or redirect to local files. I don't know a solution for this problem. Can you guys help me? I don't need specific code, just an example or something in that way.
Maybe you can read up on USB-HID. Wikipedia:
The USB human interface device class (USB HID class) is a part of the USB specification for computer peripherals: it specifies a device class (a type of computer hardware) for human interface devices such as keyboards, mice, game controllers and alphanumeric display devices.
Here are some references:
USB HID (Human Interface Device)
node-hid - Access USB HID devices from node.js
DepthJS: 'Allows any web page to interact with the Microsoft Kinect using Javascript'.
A related Stackoverflow question:
Write data to USB HID using Javascript, HTML5, or any cross platform language (supports Android)
One other possibility is to check out the Chrome HID (Human Interface Device) APIs:
Interacting with USB HID devices from web apps – via Chrome Apps, see below
Relevant Chrome API docs
Please note that for the time being, you cannot interact directly with the USB device (i.e. you cannot access any WebAPI offering that kind of fine-grained control).
Building a Chrome App (different from a Chrome Extension) may help; This article may point you in the right direction, since it also provides sample code.
The only way I can think of is putting a html file on the usb stick that essentially generates some sort of login token and gives you a link or a form to a login processor. You can then access the webpage by opening the local file first which will redirect you to the actual webpage.
This local script may include a javascript from the server to get some challenge-response-data which it hashes somehow (perhaps in combination with a password) and puts it into the form data.
Web PKI authentication from Modern Browsers may be achieved by using Browser Extension. One such extension is Signer.Digital browser extension. Use below Javascript promises from the APIs provided by Signer.Digital extension.
SignerDigital.getSelectedCertificate() to register user's certificate
SignerDigital.signHash(hash) to sign token at browser and verify at server
For all Javascript APIs refer to SO Answer https://stackoverflow.com/a/63173083/9659885
Disclaimer : I work for a company supporting the application below
Hello, you may try to use Nexu open-source application for communication with smartcards or USB tokens. It also support PKCS 12 keystores.
For example, the application is connected to the DSS webpage on the website of European Commission : see the link.
Synopsis: I am developing a HTML5 web app that will allow tablets(iPad or Droid) to login to a server and perform various functions. The client would like a way to check the devices mac address when logging in. From what I have read, most solutions use activex objects that will not work for webkit browsers.
Question: Does anyone know a solution that would hook into a HTML5 web app seamlessly(Idealy update a hidden form element with the value upon logging in)?
Thanks!
I don't think there's going to be a straightforward way to do this. The web server won't be exposed to a client's MAC address unless they're on the same physical segment...you'll only see the MAC from the most recent router hop in general.
If anything exists, it's going to be a browser plugin (show-stopper on iOS). And it would probably need more than the default permissions available (I don't suspect you can enumerate network interfaces in Java, for example, without asking for elevated permissions).
If you're looking for HTML/JS only then I don't think that this is possible. It won't be exposed.
The problem is that the packets you recieve back will only contain the MAC address of the node on the last hop.
This may be possible via a plugin, but then this limits you on iOS, and possibly also Android as you'd need to provide them a way of getting the plugin first (unless you used a plugin that was installed by default).
Edit: Not that I support an app for every little thing, but it shows that easy to press app buttons sometimes tend to do better than web apps (regardless of being able to make browser shortcuts to home screens). If it is suitable, you could consider loading this within a web view on the target device from within an app, from which you can then of course access MAC addresses and whatever else you may need.
MobiThinking: Mobile applications: native v Web apps – what are the pros and cons?
Forbes: Mobile Web App vs. Native App? It's Complicated
What I'd like to do is provide a link on an intranet web page that will launch a telnet session and pass context information to a shell script that will take the user to a specific "green screen."
This "pseudolink" might help show what I'm looking for:
detail for 123
Part of this solution might be a suggested telnet client that could interact with browsers (perhaps through JavaScript) to accomplish this. Bonus points for obfuscating the credentials (but this is envisioned at this point to be a "read only" login).
Thanks!
You cannot do this with a telnet: URL in most browsers (IE, FF, afaik). The telnet URL was originally described in RFC 1738, and it provided only information for a hostname, port, username and password.
When you click on it, the browser will usually ask the OS for the default "telnet" handler, which is an external application that is run. Most modern telnet clients accept these parameters and put them to use.
This architecture varies a bit between browsers, but the application is usually external. There was the occasional request in bugzilla.mozilla.org for support for a telnet plugin or a native telnet client, but it never got much attention.
There might be inline solutions like a java applet, but I doubt they are called with a telnet: URL.
In my opinion, and I'd love to be proved wrong, you will have sandbox (security) problems. Check out my question here which got little interest, but I think it's basically the same thing: you cannot open external apps from the browser unless they are already associated with the mime-type, protocol, or something.
There are some java applets which can be used as telnet clients, you could use one of them in the browser.