How can I tell which website JavaScript is running on?
Some websites have JavaScripts which are used for browser fingerprints. I know that these types of scripts validate and send data to the server, for example: browser user agent, screen resolution, font list, etc. So my question is, is it possible to validate these scripts from the client side? If so, how?
source to share
Yes it is possible to test any script on any website with the right debugging tools and timing to sort things out.
For any website, you can run a debugger such as the Chrome debugger, click the Network tab, and see all the network requests the browser makes. Then you will have to sort these queries to find out which ones contain the information you are looking for. If then you want to find the scripts responsible for these requests, you will have to work in reverse order when analyzing the site and scripts to find out which script contains the code making the request.
I don't know what is an automated way to determine exactly which queries contain the information you want. Tools like Disconnect.me automatically protect your browser from some common tracking methods of some common services, but this tool can also cause problems on some sites where the site will not work as expected.
source to share
you can list all scripts used by newer browsers thanks to the performance.getEntries () function:
var scripts=[].slice.call(performance.getEntries())
.map(function(a){return a.initiatorType==="script" && a.name; })
.filter(Boolean);
alert(scripts); /* on this page in console: ["http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "http://cdn.sstatic.net/Js/stub.en.js?v=aa4bf2e33f9d", "http://cdn.sstatic.net/Js/full.en.js?v=207a95000ab6", "http://cdn.sstatic.net/Js/snippet-javascript.en.js?v=3a04bf1d3cc0", "http://cdn.sstatic.net/Js/post-validation.en.js?v=59400b6b717e", "http://cdn-prom.sstatic.net/WinterBash/js/core.js?2", "http://cdn.sstatic.net/Js/external-editor.en.js?v=49dac339584c", "http://winterbash2014.stackexchange.com/api/is-participating?callback=wbParticipating2682405&accountId=2682405&host=stackoverflow.com&_=1418692483862", "http://cdn.sstatic.net/Js/wmd.en.js?v=988f5766f506"] */
if you know any wrong filenames, you can detect and counteract them, or pass a list of URLs to something that the script content itself can display and scan; not sure what your ultimate goal is here ...
source to share