A: 

.NET framework versions are transmitted in IE, in the User Agent.

James Deville  2008-09-17 20:38:59
A: 
  1. Can the browser support JS
  2. Can the browser support flash
  3. Operating system platform
  4. Screen resolution
  5. Supports CSS
  6. Supports tables
Mitchel Sellers  2008-09-17 20:41:07
When you said "flas" did you mean "flash"? HOW does one test for these things? For instance, I've never heard of being able to test whether tables are supported... how on EARTH would one do that?
mcherm  2008-09-17 20:47:25
yes, that was supposed to be flash. SOme of them are being done via JS, and some are items that .NET calculates for you already if using ASP.NET.You can use google to get a good listing of items that you can find.
Mitchel Sellers  2008-09-17 21:11:18
A: 
  • There's a header that can include information about a proxy server the user is using, and that can also include the user's IP address (in which case the other IP is the one of the proxy)
  • Screen Resolution, Operating System, Color Depth, size of your taskbar (compare max and current resolution), if Java is enabled, Anti-Aliasing Fonts, Plugins Installed all via Javascript
  • A Java applet can give you a bunch of information as well, but I don't know what.
  • Sites you've visited
  • Details of your local network such as active hosts, web servers. Paper Also outlines drive-by printing, drive-by router modification

And this is all assuming the attacker doesn't pull off arbitrary code execution

Tom Ritter  2008-09-17 20:42:21
A: 

Flash can give you a list of fonts on the user's machine among other things. Javascript can send information when the mouse stops over an ad without clicking it. You can also get the window size, whether the site is open in a frame, if popups or specific plugins have been blocked, looking for Javascript features can tell if the user agent header is correct or faked...

jjrv  2008-09-17 20:43:25
+2  A: 

Modifications to your original:

  1. can be escaped ( i think its an option in some browsers )
  2. only avoidable with a proxy ( javascript can contravene this however with smart lookaround )
  3. is unreliable, easily forged.
  4. And assuming it was not wiped by browser closure ( session cookie ) and cookie is in the same domain/path

The real nasty ones are

  1. Using javascript to probe your network/lan
  2. Using javascript to access your firewall from behind the firewall and adjust its settings ( no joke )
  3. Using the feature of the "visited link" to determine which of a list of urls have been visited. ( deep history probing ! )
  4. Goodness knows what if the user has Windows/IE/ActiveX
Kent Fredric  2008-09-17 20:44:15
A: 

Some additional info, that might be of interest:

  • Using the ip address, one can resolve the hostname, net provider / organization the IP belongs to, and rough geographic location.
  • Using the referer, the list of queries a specified client makes, and a reliable cookie mechanism, one can resolve the path the visitor makes (even clickthroughs to other sides, with AJAX and/or a forwarder page)
  • Using flash, with a combination of AJAX, the mouse location within the browsing window can be captured
  • The User Agent might contain information regarding operation system, installed .NET frameworks, and other curiosities
Silver Dragon  2008-09-17 20:46:25
A: 
  • You can usually determine which language the user speaks through the Accept-Language HTTP header.
  • You can determine whether certain applications and browser plugins are installed by looking at the Accept HTTP header.
  • Browser version/patchlevel and .NET framework version through the User-Agent HTTP header.
  • Your ISP/Employer and geographical location through IP address.
  • Whether or not you have visited particular URLs through CSS and/or timing load events. If a particular website has user-specific URIs, this could disclose whether you are a certain user on that site or not.
  • Which fonts are available through measuring ems and/or Flash.
  • Screen resolution, window size, timezone through JavaScript.
  • Where you move your mouse and keystrokes through JavaScript. For instance, you can see what people type into text boxes even if they don't hit submit.
  • Many UserJS/Greasemonkey scripts leak information (e.g. if you filter out certain people, the sites it is configured for may be able to find out who).
Jim  2008-09-17 20:46:32
A: 

Javascript can get more information than just time. E.g. screen resolution (+ color depth) being one of them.

See Getting Screen Resolution with JS

Everything JS can capture, can be transmitted using AJAX without the user performing any interaction. Other examples are (not all will work in every browser):

  • It can look into your browser history, e.g. what URL your browser would go if you hit back or forward.

  • The language of your browser (Note: usually the HTTP request will also contain a list of preferred languages for the page you request. However this list is user editable in the prefs of many browser, while JS can actually find out what the language translation your browser is using in the interface)

  • If your browser auto fills form fields (e.g. e-mail, username, etc.), JS can actually already read what your browser entered into the fields before you submitted the form (thus it can even read what your browser pre-filled there, even if you never submit the form at all).

A Java applet could also gather some information and transmit it, though there is not much information you wouldn't already get elsewhere. Since it's easy to get the IP of a visitor, it's possible to find out which online service he's using (looking up the IP at address services like IANA for USA or RIPE for Europe and so on) and there are services that translate IPs to country, so it's possible to find out where the user most likely is currently located.

Mecki  2008-09-17 20:49:45
A: 

If you're concerned about your personal security (I'm not sure if that's what you're really getting after, so my apologies if this is misguided), you can always use a Tor network. If you use Firefox, you can use Torbutton for one click enabling. It has the benefit (drawback, to some), of disabling Flash because it's otherwise impossible to protect against Flash information leaks.

Ovid  2008-09-17 20:52:21
A: 

I need to dig up the link, but if the user is using IE, with common software titles installed, determining which ones are installed is possible.

scunliffe  2008-09-19 02:45:52
A: 

As far as I know, it's possible to get clipboard data via javascript. Not sure how possible it is by default these days, but it was all the rage not long ago. I do believe IE still allows it.

People have a habit of leaving very important data in their clipboard, so this is pretty bad.

Daniel Bruce  2008-09-19 02:57:06

related questions

Make Browser Window Blink in Task Bar
Large File Download
Browser's Default CSS
Disable browser 'Save Password' functionality
What's the simplest way to decremement a date in Javascript by 1 day?
Browser scrollbar
Limitations of screen readers.
Version detection with Silverlight
Best way to fix CSS/JS drop-down problem in IE7 when page includes Google Map
Recommendations for browser add-on tools to help with development
Hyperlinks displaced on IE7
Building Standalone Applications in JavaScript
HTML differences between browsers
Browser Sync accross many machines
Getting selected text in a browser, cross-platform.
How to get PNG transparency working in browsers that don't natively support it?
Best WYSIWYG CSS editor?
Javascript events
Preferred way to use favicons?
IE6: To support or not to support.
Getting the text from a drop-down box
Other browsers
Drag and Drop to a hosted Browser control
How can I tell if a web client is blocking ads?
How can I determine a web user's time zone?