开发者

Can the accessed website detect if i'm using a Virtualized like machine vmware, vbox, etc?

If i access an website, it can detect if im using a virtu开发者_运维知识库al machine ?

More specifically an Vmware image?

And if the website is able to.. How can i prevent it?

Thankful, Chinchila


The accepted answer is not exactly correct. This can sometimes be done even simply using JavaScript by detecting your screen resolution to detect a windowed operating system as explained here: http://carnal0wnage.attackresearch.com/2009/04/detecting-vmware-with-javascript-or-how.html

or by detecting your MAC address (VMware uses fixed MAC ranges) as explained here: http://jeremiahgrossman.blogspot.co.il/2009/08/web-pages-detecting-virtualized.html

To circumvent these problems, don't use re-sized windows and change your machine's MAC address. There are other ways to detect you are in a VM using JAVA applets maybe ActiveX plugins and probably other things as well...


There are few ways to determine whether you are on a Virtual Machine and below are the most used

  1. Through WebGL: WebGL is a Javascript API that comes with the browsers like Google Chrome, Firefox, etc. This will leak the GPU name and the Vendor name of the renderer. While using a Virtual Machine, It will leak different rendered data than while using the browser on a physical machine. For example, Google Chrome shows Renderer's name as "Google SwiftShader"(It is used on machines without 3D graphics hardware.), Firefox Shows the renderer's name as "llvmpipe"(This is also a software renderer). It will lead to understanding to the website that you are on a Virtualised Machine. For more information regarding WebGL Check this link.

  2. Through WebRTC: It will leak the local IP address to the website(Tested on chrome) but firefox is not leaking somehow

    Can the accessed website detect if i'm using a Virtualized like machine vmware, vbox, etc?


    Also, the Virtual box adds a string "VirtualBox" in the prefix to the webcam name. Suppose you are using a Virtual machine and gave webcam access to some website, it will be able to see the webcam name along with the prefix "VirtualBox”. To prevent that you can check this solution once (https://askubuntu.com/a/1357986/699463)

If you want to know more about this kind of leaks, then definitely use this website https://browserleaks.com/ to perform leaking tests like webrtc, webgl, and more. It will also show the ways to avoid this kind of leaks.


Web servers can only tell details about the web browsers through their user agent string. Unless you're using a special web browser (unlikely) that detects that it's running in a VM, then the web server shouldn't know. In any case, UA strings are easy to change to whatever you'd like them to be, so you can always pretend to be something you're not.

Check out this useful Wikipedia article.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜