How long do cookies live in a mobile ecosystem? - cookies

I'm aware of different ways to specify cookie lifetime in desktop, but what about mobile? I suppose some cookies may "die" earlier than configured because of lack of the space on mobile device. Does anyone have any research on this?

It is more of a network issue than space on the phone. Some mobile networks may discard cookie information. This was the case with many networks as recent as 3 years ago. Unfortunately I don't have any information about which ones.

Related

How to reduce your fingerprint in browser for privacy and for web scraping

You can disable cookies, change your ip 500 times but can’t anyone just track you through fingerprinting?
You could disable Java and Flash. Though that would break the page and make you stand out anyway.
You could use Tor but I think if you use Tor you get blacklisted from some sites instantly.
What’s the workaround? Using Chrome is a big nono. Internet explorer maybe and firefox perhaps…
Are there any apps that deal with this? Or just design a good web scraper, have an ip and cross your fingers.
I realize the average site is not going to implement all these features, but I am how one would workaround a site that was extremely vigilant.
There are two types of browser fingerprinting:
1. static fingerprinting - can identify browsers (and probably operating systems) just based on details of their requests. That's the order and capitalization of http headers, browser specific headers etc.
One small aspect is described here: https://gwillem.gitlab.io/2017/05/02/http-header-order-is-important/
As this can be done without any javascript, I guess scrapy is identifyable this way.
How to get around this?
As mentioned in the above article you need to exactly emulate a particular browser's fingerprint by emulating its headers' order and capitalization (and it has to match the user agent, of course)
2. dynamic fingerprinting - uses Javascript to collect data on installed plugins, plugin versions etc ... As Granitosaurus wrote, that won't be triggered by scrapy. But sites that use fingerprinting for scraping protection will block the scraper if it doesn't get any data from its fingerprinting module.
As this type of fingerprinting yields much more dimensions it can be used to identify particular users with a high reliability (over 90%)
You can find a good example how this is done here: https://github.com/Valve/fingerprintjs2
How to get around this?
use a lot of different real browsers for scraping (for example through selenium, no phantomjs, it can be detected)
randomize these browsers' settings and installed plugins (ideally using different versions)
when scraping rotate these browser instances instead of rotating IPs (each browser instance should keep its IP over its livetime)
If one of the instances is "burnt" replace it with a new instance that has a fresh IP and randomized browser fingerprint
... as you'll need many browsers this has to be done in an automated way, of course.
Resetting cookies sounds like a good idea at first, but if the fingerprinting system is worth its salt it won't need cookies to identify each of these machines reliably.

Tricking WURFL mobile detection

I'm trying to test the mobile version of a webpage on my desktop. It uses WURFL for mobile detection, which I thought could be tricked by changing my user agent.
This has no impact on what page is displayed to me..
Any ideas how I can trick the page into showing me the mobile view?
Depending on the caching strategy that the website is using, you may need to clear your cookies in order to test both versions of the site. Spoofing your User Agent is the correct method in order to "trick" the website into serving the mobile version.
In addition to what Elliot said, the fact that the mobile version of your page is not shown may depend on how you implemented the routing of your website, so check that, after the device has been detected, the request is properly forwarded to the mobile version.

how to uniquely identify a client from server-side?

Objective:
I want to detect if a web application is accessed from more than one account using the same device such as computer,mobile,tablet using different browser using any programming language or protocol
So far:
In Desktop application we read mac address to uniquely identify it.
In iOS mobile application we read UDID to uniquely identify it.
In Android application we read mac address as well to uniquely identify it.
In website reading client ip-address only seems to be viable way but it doesn't seem to be reliable due to NAT(Network address translator).
Any suggestions are welcome
Reading ip-address is the only way But with that also you can't trace exactly due to Network address translators,Proxy servers and VPN servers etc.
You have to understand this its privacy issue
Even in iOS also they have forbidden to read UDID right from iOS 7 as it infringes users privacy
Hope this solves your problem

user browse web site history data

I would like to list user connect web site link,get all history data
where can i got those data.
thanks
Well, since I'm new I'll just have to post as broad an answer as I can for your vague question.
If your goal is to get a users recent browsing history, you should just be able to look up the places where all of the mainstream browsers store their history data. I highly doubt the devs would put such insensitive information under encryption, so this shouldn't be too hard. Browsers that you should take in to consideration include Internet Explorer, Firefox, Opera, Chrome, Netscape Navigator, and all of the other Mozilla spinoffs, such as Sea Monkey.
If your goal is to establish a connection to a web server, and then download a list of data provided by the server, there is a lot of setup involved. First, you need a server. You can use something like Apache, and use the HTTP protocol for all data transmission, or if you're feeling brave, you could whip up a server of your own design. Second, you need a way to connect to this server. Since it appears you're using visual C++, WinSock would be the way to do this. There are plenty of tutorials online for WinSock, just Google away.
I hope this helps you, and best of luck to your endeavor.
As your question is tagged "C++", I assume that your program works on local computer.
Each browser has its own format of "history storage". You will have to work on different formats if you are targeting the major browsers, e.g. Firefox, Chrome, IE, etc.
For example, Firefox and Chrome stores its history in a SQLite database, while IE stores in a binary file named "index.dat".
Here are some places to start:
Firefox :
http://kb.mozillazine.org/Places.sqlite
https://developer.mozilla.org/en/The_Places_database
IE :
http://www.forensicswiki.org/wiki/Internet_Explorer_History_File_Format

Can two different browser share one cookie?

My requirement is pretty interesting, I want to maintain one cookie between two different browser for same domain.
so lets say I have create one cookie with name "mydata" and value "hiscal" from IE, then if i browse same website from firefox and trying to read cookie "mydata" then system should give me value "hiscal"
but this is not happen in general case
so can any one tell me how i can share cookie between to different browser(client) of same domain.
Thanks,
Hiscal
You can build a cookie-proxy by creating a Flash application and use Shared Objects (SO = Flash cookies) to store data.
Any Browsers with Flash installed could retrieve the informations stored in the SO.
But, it's an ugly workaround.
Just don't share cookies... and find another way to build your website/app.
Every browser maintains it's own cookies. So in general, no this is not possible.
With a lot of hard work you could in theory write an application that sits on the client computer that looks at all the locations the different browsers store cookies, parses the different cookie formats, synchronises them and then writes them out.
That would be error prone and will break as soon as a browser changes how it works with cookies (not to mention that some of the browsers secure their cookies, so you won't be able to get to them in the first place).
In my opinion, this is not practical and I wouldn't even try.
Use YUI's storage utility and force it to use the SWF storage engine.
All computers and browsers would still have to have Flash installed, but you wouldn't have to write your own Flash app. You would benefit from using the one maintained by the YUI team.
As others have said, this is not very portable, but in a controlled environment, it might work for you.
Cookies can be shared with other data storage, through browser extensions. Maybe in Flash or Google Gears you can maintain shared DB between browsers, but it needs to be installed on both of them, of course.
Edit:
In Google Gears you can't. Maybe you should write self-made extension... or some user-login system, where the data will sit on the server.