How to find out if an IP address belongs to a Hosting / Cloud Provider?

Posted on March 09, 2022 in Security • Tagged with API, Datacenter, Hosting, Cloud-Provider, IP API, Bot-Detection, VPN-Detection, IP-Intelligence, IP-Lookup • 8 min read

It is not entirely trivial to find out if an IP address belongs to a datacenter / cloud provider. In this blog article, I try to find an algorithm that outputs with high confidence if an IPv4 / Ipv6 address belongs to a hosting provider or not.


Continue reading

Fingerprinting TLS - Core differences between TLS 1.2 and TLS 1.3

Posted on January 18, 2022 in Security • Tagged with TLS Fingerprinting, TLS 1.2, TLS 1.3 • 16 min read

In this blog post, I highlight the core differences between TLS 1.2 and TLS 1.3 and investigate how we can use several properties of the protocol to obtain fingerprinting entropy from TLS clients.


Continue reading

On High-Precision JavaScript Timers

Posted on December 18, 2021 in Security • Tagged with spectre, meltdown, cache-attacks, high-precision-timing, JavaScript • 10 min read

I in this blog post, I am investigating the current state of high precision JavaScript timers. High precision timing techniques were mostly used to launch CPU-level cache attacks such as Spectre and Meltdown from the browser. I am interested in other use cases though...


Continue reading

Is this a valid method to detect Proxies?

Posted on November 26, 2021 in Security • Tagged with proxy, proxy-detection, bot-detection, proxy-provider, anti-scraping • 8 min read

I (maybe) found another method to detect browsers that route their traffic through SOCKS/HTTP proxies. What do you think? Is this a valid method to detect Proxies? I need your help!


Continue reading

So you want to Scrape like the Big Boys? 🚀

Posted on November 03, 2021 in Security • Tagged with scraping, industrial level scraping, big boys • 7 min read

What it really takes to scrape without getting detected.


Continue reading

7 different ways to detect Proxies

Posted on October 16, 2021 in Security • Tagged with proxy, proxy-detection, bot-detection, proxy-provider, anti-scraping • 14 min read

In this blog post, I demonstrate 7 different efficient ways how to detect a proxy server when the client is visiting a web server with a browser that has a proxy / VPN configured.


Continue reading