On High-Precision JavaScript Timers

Posted on December 18, 2021 in Security • Tagged with spectre, meltdown, cache-attacks, high-precision-timing, JavaScript • 10 min read

I in this blog post, I am investigating the current state of high precision JavaScript timers. High precision timing techniques were mostly used to launch CPU-level cache attacks such as Spectre and Meltdown from the browser. I am interested in other use cases though...


Continue reading

Is this a valid method to detect Proxies?

Posted on November 26, 2021 in Security • Tagged with proxy, proxy-detection, bot-detection, proxy-provider, anti-scraping • 8 min read

I (maybe) found another method to detect browsers that route their traffic through SOCKS/HTTP proxies. What do you think? Is this a valid method to detect Proxies? I need your help!


Continue reading

So you want to Scrape like the Big Boys? 🚀

Posted on November 03, 2021 in Security • Tagged with scraping, industrial level scraping, big boys • 7 min read

What it really takes to scrape without getting detected.


Continue reading

7 different ways to detect Proxies

Posted on October 16, 2021 in Security • Tagged with proxy, proxy-detection, bot-detection, proxy-provider, anti-scraping • 14 min read

In this blog post, I demonstrate 7 different efficient ways how to detect a proxy server when the client is visiting a web server with a browser that has a proxy / VPN configured.


Continue reading

On the Architecture of Bot Detection Services

Posted on July 18, 2021 in Security • Tagged with Internet Bots, CAPTCHA, Bot Detection • 15 min read

There are unique challenges when developing a passive bot detecting system. In this blog article, I explain some of the obstacles that need to be overcome in order to detect advanced bots without presenting a CAPTCHA. I also explain how bot programmers can benefit from the architectural challenges that bot detection systems inherently suffer from.


Continue reading

API to Check if an IP Address belongs to a Datacenter / Cloud Provider

Posted on June 20, 2021 in Security • Tagged with API, IP-Address-Check, Datacenter, Cloud-Provider • 3 min read

For security reasons, it's often helpful to check if an IP Address belongs to a datacenter or cloud computing provider such as Amazon AWS or Microsoft Azure. Therefore, I have developed a simple public API that helps you to check if an IP address belongs to a datacenter / cloud provider.


Continue reading