個人的力量是勢單力薄的，愿大家一同交流，共同進步。
加入我們，拒絕市面智商稅。
苦瓜唯一vx:yu_zhi_dao qq:3374678873
在此鄙視市面上某些人，勿對號入座，廣告的要死，人也小氣，割韭菜大師，還搞個m1接口圈粉圈錢，百度上搜到的都是他自己寫的廣告文章，xswl

Metadata1篇

1.metadata1有何用處？
總所周知，我們?nèi)绻顷慳mazon，需要打開amazon.com并點擊登陸，此時我們僅需要輸入賬號及密碼，amazon會告訴我們是否登陸成功。那么，瀏覽器和amazon做了什么工作？當(dāng)我們點擊Sign-In按鈕時，瀏覽器會將你的賬號密碼及amazon工程師放在你頁面的一些隱藏參數(shù)轉(zhuǎn)交給amazon服務(wù)器，而我們用戶僅能看見amazon頁面讓我們輸入的賬號及密碼，其它一切都由瀏覽器和amazon負責(zé)交互數(shù)據(jù)，辛苦了，我的amazon！那么我們的關(guān)系應(yīng)該是三者關(guān)系：
1.用戶 負責(zé)可視化頁面的操作
2.瀏覽器 負責(zé)傳話(把amazon返回的吧啦吧啦畫成網(wǎng)頁給用戶看|把用戶的網(wǎng)頁內(nèi)容變成參數(shù)告訴amazon)
3.amazon服務(wù)器 負責(zé)接收瀏覽器傳來的用戶數(shù)據(jù)(數(shù)據(jù)由誰控制？？？amazon，你訪問的網(wǎng)頁說了算)

當(dāng)我們登陸時，瀏覽器跟amazon說了什么（這里刨除headers及cookie，僅說post的form data）？

由于內(nèi)容過多，未完全展示

其中有我們的賬號，及我們的密碼，但這里的密碼是由amazon加密后的結(jié)果，并不是我們輸入的密碼(明文)，其中就有我們今天聊的metadata1，

metadata1

2.metadata1里有什么？
難道m(xù)etadata1真的就如同上面所說僅僅是驗證你是否是正常途徑來跟amazon進行數(shù)據(jù)交換的嘛？并不，再讓我們以amazon工程師的角度想想，我們有一些見不得人的參數(shù)/比如用戶的瀏覽器版本/用戶的點了頁面的哪些地方/用戶瀏覽器上裝了什么插件/用戶提交登陸的時間，這些東西我不希望用戶知道我要獲取，那么我們?yōu)槭裁床煌瑫r放入metadata1中，讓用戶看不懂這一串里面包含了什么呢？說干就干，metadata1同時被賦予了使命！
那么前面說了，規(guī)則是由amazon制定，瀏覽器執(zhí)行并轉(zhuǎn)交給amazon，那么metadata1肯定是在瀏覽器端被生成出來的(JavaScript)，所以我們有了可乘之機，能一窺metadata1被生成前里面到底有什么，由于amazon的javascript腳本被大量混淆，故分析難度較大，此文直接到metadata1生成前的位置:

metadata1生成前

FABFD437#{"metrics":{"el":0,"script":0,"h":0,"batt":0,"perf":0,"auto":0,"tz":0,"fp2":0,"lsubid":0,"browser":0,"capabilities":0,"gpu":0,"dnt":0,"math":0,"tts":0,"input":0,"canvas":0,"captchainput":0,"pow":0},"start":1614334458991,"interaction":{"clicks":0,"touches":0,"keyPresses":0,"cuts":0,"copies":0,"pastes":0,"keyPressTimeIntervals":[],"mouseClickPositions":[],"keyCycles":[],"mouseCycles":[],"touchCycles":[]},"scripts":{"dynamicUrls":["https://images-na.ssl-images-amazon.com/images/I/31YXrY93hfL.js","https://images-na.ssl-images-amazon.com/images/I/61-6nKPKyWL._RC|11Y+5x+kkTL.js,61h1ZQEtf7L.js,31x4ENTlVIL.js,31f4+QIEeqL.js,01N6xzIJxbL.js,518BI433aLL.js,01rpauTep4L.js,31QZSjMuoeL.js,61ofwvddDeL.js,01KsMxlPtzL.js_.js?AUIClients/AmazonUI","https://images-na.ssl-images-amazon.com/images/I/21G215oqvfL._RC|21OJDARBhQL.js,218GJg15I8L.js,31lucpmF4CL.js,2119M3Ks9rL.js,51Qm24OwGQL.js_.js?AUIClients/AuthenticationPortalAssets","https://images-na.ssl-images-amazon.com/images/I/01wGDSlxwdL.js?AUIClients/AuthenticationPortalInlineAssets","https://images-na.ssl-images-amazon.com/images/I/31EB1+1RLvL.js?AUIClients/CVFAssets","https://images-na.ssl-images-amazon.com/images/I/81JZFvi7+TL.js?AUIClients/SiegeClientSideEncryptionAUI","https://images-na.ssl-images-amazon.com/images/I/71vqZ1F8KbL.js?AUIClients/FWCIMAssets","https://static.siege-amazon.com/prod/keys/AuthPortalSigninPasswordNA.js","https://static.siege-amazon.com/prod/profiles/AuthenticationPortalSigninNA.js"],"inlineHashes":[-1746719145,-2126686156,-314038750,1801981578,556422260,-180268601,318224283,487466233,4606827,-1611905557,1800521327,2118020403,1532181211,-289093411],"elapsed":20,"dynamicUrlCount":9,"inlineHashesCount":14},"history":{"length":8},"battery":{},"performance":{"timing":{"connectStart":1614334456741,"navigationStart":1614334456713,"loadEventEnd":1614334458625,"domLoading":1614334457924,"secureConnectionStart":1614334456937,"fetchStart":1614334456720,"domContentLoadedEventStart":1614334458478,"responseStart":1614334457807,"responseEnd":1614334458327,"domInteractive":1614334458476,"domainLookupEnd":1614334456741,"redirectStart":0,"requestStart":1614334457155,"unloadEventEnd":1614334457916,"unloadEventStart":1614334457914,"domComplete":1614334458609,"domainLookupStart":1614334456734,"loadEventStart":1614334458609,"domContentLoadedEventEnd":1614334458488,"redirectEnd":0,"connectEnd":1614334457155}},"automation":{"wd":{"properties":{"document":[],"window":[],"navigator":[]}},"phantom":{"properties":{"window":[]}}},"end":1614334508582,"timeZone":8,"flashVersion":null,"plugins":"Chrome PDF Plugin Chrome PDF Viewer Native Client ||1920-1080-1040-24-*-*-*","dupedPlugins":"Chrome PDF Plugin Chrome PDF Viewer Native Client ||1920-1080-1040-24-*-*-*","screenInfo":"1920-1080-1040-24-*-*-*","lsUbid":"X02-7779343-7395766:1613619234","referrer":"https://www.amazon.com/ap/signin","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36","location":"https://www.amazon.com/ap/signin","webDriver":null,"capabilities":{"css":{"textShadow":1,"WebkitTextStroke":1,"boxShadow":1,"borderRadius":1,"borderImage":1,"opacity":1,"transform":1,"transition":1},"js":{"audio":true,"geolocation":true,"localStorage":"supported","touch":false,"video":true,"webWorker":true},"elapsed":1},"gpu":{"vendor":"Google Inc.","model":"ANGLE (Intel(R) HD Graphics 5500 Direct3D11 vs_5_0 ps_5_0)","extensions":["ANGLE_instanced_arrays","EXT_blend_minmax","EXT_color_buffer_half_float","EXT_disjoint_timer_query","EXT_float_blend","EXT_frag_depth","EXT_shader_texture_lod","EXT_texture_compression_bptc","EXT_texture_compression_rgtc","EXT_texture_filter_anisotropic","WEBKIT_EXT_texture_filter_anisotropic","EXT_sRGB","KHR_parallel_shader_compile","OES_element_index_uint","OES_fbo_render_mipmap","OES_standard_derivatives","OES_texture_float","OES_texture_float_linear","OES_texture_half_float","OES_texture_half_float_linear","OES_vertex_array_object","WEBGL_color_buffer_float","WEBGL_compressed_texture_s3tc","WEBKIT_WEBGL_compressed_texture_s3tc","WEBGL_compressed_texture_s3tc_srgb","WEBGL_debug_renderer_info","WEBGL_debug_shaders","WEBGL_depth_texture","WEBKIT_WEBGL_depth_texture","WEBGL_draw_buffers","WEBGL_lose_context","WEBKIT_WEBGL_lose_context","WEBGL_multi_draw"]},"dnt":1,"math":{"tan":"-1.4214488238747245","sin":"0.8178819121159085","cos":"-0.5753861119575491"},"form":{"ap-credential-autofill-hint":{"clicks":0,"touches":0,"keyPresses":0,"cuts":0,"copies":0,"pastes":0,"keyPressTimeIntervals":[],"mouseClickPositions":[],"keyCycles":[],"mouseCycles":[],"touchCycles":[],"width":0,"height":0,"totalFocusTime":0,"prefilled":true},"password":{"clicks":0,"touches":0,"keyPresses":0,"cuts":0,"copies":0,"pastes":0,"keyPressTimeIntervals":[],"mouseClickPositions":[],"keyCycles":[],"mouseCycles":[],"touchCycles":[],"width":296,"height":31,"totalFocusTime":0,"prefilled":false}},"canvas":{"hash":814841331,"emailHash":null,"histogramBins":[13746,49,36,34,54,45,36,37,32,43,32,24,16,32,77,41,35,23,43,38,28,35,7,25,60,27,29,43,45,34,48,28,24,20,27,14,30,29,20,25,32,21,18,44,51,25,18,37,19,19,13,28,21,19,17,43,15,13,23,48,32,28,29,16,20,21,32,13,16,17,14,26,43,6,46,17,22,18,37,42,22,16,18,56,22,36,40,46,29,26,24,40,24,16,8,23,50,15,28,66,47,28,495,34,76,44,13,20,10,34,13,15,14,17,43,10,14,23,25,22,21,25,15,17,20,41,65,20,21,69,41,20,24,11,21,16,15,62,10,14,14,18,14,20,13,29,73,22,13,10,55,13,10,101,26,31,18,18,14,18,15,26,16,12,50,18,7,17,45,46,12,19,51,17,11,18,41,21,38,25,9,19,15,82,37,14,11,10,15,53,18,15,23,18,25,58,45,14,47,25,45,12,35,16,44,30,36,46,57,39,13,68,80,15,33,19,21,30,26,31,35,29,26,55,33,38,30,112,64,40,34,53,45,16,37,23,78,26,28,17,81,92,46,20,63,27,76,57,78,40,41,100,37,46,44,13809]},"token":{"isCompatible":true,"pageHasCaptcha":0},"auth":{"form":{"method":"post"}},"errors":[],"version":"4.0.0"}

該數(shù)據(jù)是由json進行格式化，請使用json工具展開能更好查看數(shù)據(jù)結(jié)構(gòu)
至此，metadta1的用處及內(nèi)部參數(shù)被刨析完畢

Canvas指紋篇：

如果小伙伴去看了上面的metadata1中的數(shù)據(jù)結(jié)構(gòu)，會發(fā)現(xiàn)有一個canvas的數(shù)據(jù)，那么這個就是所謂的指紋。

1.該指紋如何被生成?

通過html5的canvas接口，在網(wǎng)頁上繪制一個隱藏的畫布圖像。在不同操作系統(tǒng)、不同瀏覽器上，產(chǎn)生的圖片內(nèi)容不完全相同（我們?nèi)庋凼菬o法區(qū)分的）。在圖片格式上，不同瀏覽器使用了不同的圖形處理引擎、不同的圖片導(dǎo)出選項、不同的默認壓縮級別等。在像素級別來看，操作系統(tǒng)各自使用了不同的設(shè)置和算法來進行抗鋸齒和子像素渲染操作。即使相同的繪圖操作，產(chǎn)生的圖片數(shù)據(jù)的CRC檢驗也不相同。
計算機程序通過計算這張圖片數(shù)據(jù)的哈希值，能夠識別不同硬件設(shè)備渲染結(jié)果的細微區(qū)別。通過這種方式，技術(shù)上就能夠通過計算用戶設(shè)備的canvas指紋來標(biāo)識用戶。
值得注意的是，如果用戶的設(shè)備，操作系統(tǒng)，瀏覽器都一樣的話，計算出來的canvas指紋是一樣的。換句話說：canvas指紋不具備唯一性，要和其他的瀏覽器指紋相互結(jié)合利用來進一步計算出區(qū)分度更高的指紋標(biāo)識。
感興趣的用戶可以訪問 browserleaks.com 測試瀏覽器是否支持 Canvas，是否容易受到 Canvas 指紋的跟蹤。
作者：Answer_58e9
鏈接：http://www.itdecent.cn/p/e2efc4c070eb
來源：簡書
著作權(quán)歸作者所有。商業(yè)轉(zhuǎn)載請聯(lián)系作者獲得授權(quán)，非商業(yè)轉(zhuǎn)載請注明出處。

不想再造輪子，我們直接百度一波看看人家如何解釋。

看起來很復(fù)雜的樣子，但總結(jié)一下就是該玩意并不能100%確定設(shè)備一致性，同時如果同硬件及分辨率下?lián)Q不同的瀏覽器及版本產(chǎn)生的結(jié)果也不一致。但同版本同瀏覽器下的指紋具有唯一性，但并不100%不與其他人重疊。

起碼我們搞清楚方向了

Ps：canvas并不只在登陸或注冊時通過metadata1發(fā)送，oe包中也含有metadata1，但加密方式并不一致！

解決方式總結(jié)：
瀏覽器端：
1.禁用JavaScript
2.hook JavaScript畫圖接口，加入圖片噪點 (類似于chrome這種瀏覽器，編寫插件在頁面加載后開始搞事 firefox等同理 插件參考：https://github.com/kkapsner/CanvasBlocker)
3.使用內(nèi)核進行JSHOOK，結(jié)果V8初始化事件在瀏覽器未執(zhí)行js前執(zhí)行hook(very good) 但該方法依舊會被部分網(wǎng)站查出
4.內(nèi)核二次修改 - - 我可不想動cef

End，就水到這，這期并不想放什么實際結(jié)果，沒有什么意義，老夫shua/單都是一梭子亂按，并不考慮指紋