
Documentation

Zachary Hampton edited this page Jul 17, 2023 · 7 revisions

Behavior

Note: This describes what the antibot tends to do, and covers v3 only. Reference: https://resource.payrix.com/resources/implementation-lexisnexis-threatmetrix-web

Config

First, a config script is loaded. The site's developers load this script, but it always has the same format, only with different variable names. This means that custom parsing may be required to get the raw config script.

The target function within this script is the create_url function. This function takes many parameters, which differ slightly per site.

The schema I have found is:

  • The hostname (abc.com) of the server hosting the TMX backend/antibot scripts
  • ".js" (to concatenate to the end of this URL)
  • The site's org_id, which is basically a unique identifier for the site.
  • A session id, usually generated in a script written by the site's developers and handed over when loading the config script. In our case, the users will send this to us to solve.
  • Any custom parameters the site wants. These also need custom parsing to get. (The "custom parameters" could just be the page id.)

With this data, you can call the function and generate the profiling script.

The format of the URL is this:
https://<tmx_hostname>/<random string>.js?<params>

The variable above, params, consists of the org_id, the session id, and the optional custom parameters.

Profiling (Initialization)

This script is what loads the main script. It also creates various iframes, HTML elements, and JavaScript functions in the window object.

This script also sends some basic browser data to the server and returns the cookies that are sometimes used to see if TMX was solved; other times, the previously provided session_id is used instead.

The possible fields it may send are:

  • jsou
  • jso
  • jsbu
  • jsb
  • jsmu (bool: typeof window.orientation !== "undefined") (only sent if true)

Payload descriptions

{
   "jsou":"Mac",  #: platform identity
   "jso":"Mac OS X 10_15_7",
   "jsbu":"Chrome",
   "jsb":"Chrome 112",
   "lsa":"ca572139d1894e019f01858912ebaebd",  #: predefined static string, split by "_", took index 0
   "c":-360,  #: modified timezone offset (min)
   "z":60,  #: modified timezone offset (max)
   "f":"2880x1800",  #: window.devicePixelRatio * window.screen width & height, joined by "x"
   "af":"2880x1572",  #: window.devicePixelRatio * window.screen.avail width & height, joined by "x"
   "sxy":"0x50",  #: window.devicePixelRatio * window.screen x & y, joined by "x"
   "dpr":"2,1440,900,1440,786,768,675,1440,786,0,25",  #: window.devicePixelRatio + "," + screen.width + "," + screen.height + "," + screen.availWidth + "," + screen.availHeight + "," + window.innerWidth + "," + window.innerHeight + "," + window.outerWidth + "," + window.outerHeight + "," + window.screenX + "," + window.screenY;
   "mt":"27f51d3149e6bf209b66bd387b0af3c4",  #: md5 hashed, navigator.mimeTypes[...].types, joined by commas 
   "mn":2,  #: length of navigator.mimeTypes
   "scd":30,  #: screen.colorDepth
   "lh":"https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&ru=https%3A%2F%2Fwww.ebay.com%2F",  #: encodeURIComponent(location.href)
   "pl":5,  #: navigator.plugins.length
   "lq":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",  #: user agent
   "ph":"e802dfa555193f4ebe8993eb4a99290d",  #: md5 hashed, navigator.plugins[...].name + .description + .filename + .length
   "hh":"3faaa7cbed14725fa2c72bfba12b628f",  #: md5 hashed, org_id + session_id
   "nhc":8,  #: navigator.hardwareConcurrency
   "ndm":8,  #: navigator.deviceMemory
   "nmtp":0,  #: navigator.maxTouchPoints
   "tzd":"America/Chicago",  #: encodeURIComponent(Intl.DateTimeFormat().resolvedOptions().timeZone)
   "mathr":"4003d1c2bec02e6cc560082ad155401fd4588141d6eaa24dc94afbd72313196a",  #: encodeURIComponent(hashed math pow function)
   "dr":"https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&ru=https%3A%2F%2Fwww.ebay.com%2F",  #: encodeURIComponent(location.href)
   "p":"plugin_flash^false!plugin_windows_media_player^false!plugin_adobe_acrobat^false!plugin_quicktime^false!plugin_shockwave^false!plugin_realplayer^false!plugin_vlc_player^false!plugin_devalvr^false!plugin_svg_viewer^false!plugin_java^false",  #: if plugin exists string combined
   "gl_c":"webglWebGL 1.0 (OpenGL ES 2.0 Chromium)WebGL GLSL ES 1.0 (OpenGL ES GLSL ES 1.0 Chromium)WebKitWebKit WebGLANGLE_instanced_arrays; EXT_blend_minmax; EXT_color_buffer_half_float; EXT_disjoint_timer_query; EXT_float_blend; EXT_frag_depth; EXT_shader_texture_lod; EXT_texture_compression_rgtc; EXT_texture_filter_anisotropic; EXT_sRGB; KHR_parallel_shader_compile; OES_element_index_uint; OES_fbo_render_mipmap; OES_standard_derivatives; OES_texture_float; OES_texture_float_linear; OES_texture_half_float; OES_texture_half_float_linear; OES_vertex_array_object; WEBGL_color_buffer_float; WEBGL_compressed_texture_s3tc; WEBGL_compressed_texture_s3tc_srgb; WEBGL_debug_renderer_info; WEBGL_debug_shaders; WEBGL_depth_texture; WEBGL_draw_buffers; WEBGL_lose_context; WEBGL_multi_draw16",  #: webgl parameters & extensions
   "gl_h":"1610bd8bb36deb694cae98b82da0e9d1e14b9614",  #: hashed gl_c
   "wglv":"Google Inc. (Apple)",  #: webgl UNMASKED_VENDOR_WEBGL parameter
   "wglr":"ANGLE (Apple, Apple M1, OpenGL 4.1)",  #: webgl UNMASKED_RENDERER_WEBGL parameter
   "ccd":3,  #: browser performance function
   "medh":"(1,1,1,e12ead95566221e7c4e320e56363dcb477a3c93a4a8510beb25f01bca07d4e8d)",  #: rtc stats, counts & hash
   "jac":1,  #: static
   "pge_update":{
      "0":{
         "ver":3
      }
   },
   "jfn":23,  #: font count?
   "jfh":"43c92d78a0ec08eed3f5c19abac7808c",  #: canvas font fingerprinting hash
   "jftn":"0:451:23",  #: <1 or 0>:<execution time (difference in times)>:<jfn>
   "pm":"no",  #: did 'window.indexedDB.open("test")' fail or not
   "batst":{  #: battery information
      "level":0.8,  #: percentage, fixed to 2
      "status":"unplugged"  #: unplugged, or charging
   },
   "audh":"943b13cd49ecbb3a170a4d54547d8f2e67fcc389e9b22a318e07b8efe0c2e553",  #: audio hash
   "ex3":"263bf50c9cdbf3ec83651ffe8a60abc764c06ccd",  #: canvas fingerprint
   "hbd":":wd_1:ch_1:pq_0:pi_5:la_1:ln_2:pc_0:ph_0:mi_0:sl_0:cw_1:sv_0,786,1440,0,0,0,0,1440,900,1440,786,30,30,2:rt_false,true,true,true:ic_true:ps_default,prompt",  #: selenium web driver detection and browser information
   "wei":"127.0.0.1",  #: ip address
   "rev":"4.15,60.00,60.00,60.00,60.00,60.00,60.00,60.00,60.00,60.00",  #: mouse related events
   "cac":1,  #: always 1
   "mousemv":{  #: mouse overall stats (meta params)
      "ver":3,
      "start":1688658825316,
      "end":16247,
      "scroll":0,
      "distance":95.63,
      "idle":20,
      "mouse":{
         
      }
   },
   "mst": {  #: mouse stats (labeled by gpt)
    "ver": 3,           // Version
    "md_min": 95.63,    // Minimum distance
    "md_avg": 95.63,    // Average distance
    "md_max": 95.63,    // Maximum distance
    "mv_min": 0,        // Minimum velocity
    "mv_avg": 0.01,     // Average velocity
    "mv_max": 0.01,     // Maximum velocity
    "mi_min": 0,        // Minimum inflexion
    "mi_avg": 0,        // Average inflexion
    "mi_max": 0,        // Maximum inflexion
    "mc_min": 0,        // Minimum curviness
    "mc_avg": 0,        // Average curviness
    "mc_max": 0,        // Maximum curviness
    "wd_min": 0,        // Minimum distance
    "wd_avg": 0,        // Average distance
    "wd_max": 0,        // Maximum distance
    "wr_min": 0,        // Minimum reversal
    "wr_avg": 0,        // Average reversal
    "wr_max": 0,        // Maximum reversal
    "bd_min": 0,        // Minimum depress
    "bd_avg": 0,        // Average depress
    "bd_max": 0,        // Maximum depress
    "bc_L": 0,          // Left button count
    "bc_M": 0,          // Middle button count
    "bc_R": 0,          // Right button count
    "dti": 95.63,       // Distance total and inflection
    "avy": 0.03,        // Average velocity per distance
    "dts": 473.89,      // Distance total
    "ctu": 4.9555,      // Curviness total
    "tti": 16248,       // Time total inflection
    "sap": 0.01,        // Speed average per time
    "abr": 0,           // Average button rate
    "hme": 0,           // Hesitancy max
    "hms": 0,           // Hesitancy min
    "hae": 0,           // Hesitancy average
    "hne": 0,           // Hesitancy count
    "dni": 0,           // Discrete X
    "dns": 0,           // Discrete Y
    "mno": 1,           // Motion count
    "mto": 0,           // Motion type
    "mso": 0,           // Segment count
    "mmc": 0,           // Motions count
    "mmm": 0,           // Mean motions
    "msm": 0.01,        // Motion speed mean
    "vsm": 0,           // Variance speed mean
    "vam": 0            // Variance acceleration mean
  }
}
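
A server-side consistency check over the payload fields described above, as an added example that is not part of the original wiki or of ThreatMetrix: it uses the documented redundancy between dpr, f, af, sxy, jfn and jftn to flag payloads whose fields disagree. The function name checkPayload, the issue strings and the tampered sample are assumptions made for this example.

```javascript
// Added example, not TMX or wiki code. checkPayload is a hypothetical name.
function checkPayload(p) {
  const issues = [];
  const nums = String(p.dpr ?? "").split(",").map(Number);
  if (nums.length !== 11 || nums.some(Number.isNaN)) return ["dpr: malformed"];
  const [ratio, sw, sh, aw, ah, , , , , sx, sy] = nums;
  // f, af and sxy are documented as devicePixelRatio times the matching dpr
  // entries. Rounding to whole pixels is an assumption of this example.
  const scaled = (a, b) => `${Math.round(a * ratio)}x${Math.round(b * ratio)}`;
  if (p.f !== scaled(sw, sh)) issues.push("f: disagrees with dpr");
  if (p.af !== scaled(aw, ah)) issues.push("af: disagrees with dpr");
  if (p.sxy !== scaled(sx, sy)) issues.push("sxy: disagrees with dpr");
  // The available area can never exceed the full screen.
  if (aw > sw || ah > sh) issues.push("dpr: available area exceeds screen");
  // jftn is <0|1>:<execution time>:<jfn>, so its last part must repeat jfn.
  const jftn = String(p.jftn ?? "").split(":");
  if (jftn.length !== 3 || Number(jftn[2]) !== p.jfn) {
    issues.push("jftn: font count differs from jfn");
  }
  // Assumption drawn from the one sample: jsb starts with jsbu, jso with jsou.
  const prefixed = (long, short) =>
    typeof long === "string" && typeof short === "string" && long.startsWith(short);
  if (!prefixed(p.jsb, p.jsbu)) issues.push("jsb: does not extend jsbu");
  if (!prefixed(p.jso, p.jsou)) issues.push("jso: does not extend jsou");
  // Every *_min/*_avg/*_max triple present in mst must be ordered.
  const mst = p.mst ?? {};
  for (const key of Object.keys(mst).filter((k) => k.endsWith("_min"))) {
    const k = key.slice(0, -4);
    if (!(mst[key] <= mst[`${k}_avg`] && mst[`${k}_avg`] <= mst[`${k}_max`])) {
      issues.push(`mst: ${k} min/avg/max out of order`);
    }
  }
  return issues;
}

// Values copied from the sample payload above (subset of fields).
const SAMPLE = {
  jsou: "Mac", jso: "Mac OS X 10_15_7", jsbu: "Chrome", jsb: "Chrome 112",
  f: "2880x1800", af: "2880x1572", sxy: "0x50",
  dpr: "2,1440,900,1440,786,768,675,1440,786,0,25",
  jfn: 23, jftn: "0:451:23",
  mst: { md_min: 95.63, md_avg: 95.63, md_max: 95.63, mv_min: 0, mv_avg: 0.01, mv_max: 0.01 },
};
// Constructed tampered copy: screen size and font count no longer agree.
const TAMPERED = { ...SAMPLE, f: "1920x1080", jfn: 40 };
console.log(checkPayload(SAMPLE), checkPayload(TAMPERED));
```

The sample from this page passes with no issues, while the tampered copy is flagged on f and jftn.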