JavaScript Template Attacks is a tool to automatically find subtle differences in browser engines caused by the environment. The main use case of JavaScript Template Attacks is to provide an automated augmentation for the development process of defense mechanisms. However, it can also be used to aid in the search for fingerprints or to get a more precise picture of a victim's environment for targeted exploitation.

The tool is implemented entirely in JavaScript. The frontend runs inside the browser, and the backend in Node.js. Setting up the tool is as simple as running

node server

This command starts a local server listening on port 8080.

Open http://localhost:8080 in the browser to get to the main menu of the tool. The main site shows all recorded profiles and provides different functions described in this section.

Records a new profile. Click on this button with a browser of which a (new) profile should be recorded. The page asks for a unique identifier of this profile. By default, this is the user agent of the browser.

A list of all profiles in the template, including the number of recorded properties.

Deletes a profile. Note that a deleted profile cannot be restored.

This triggers another collection step for a profile. Recording more traces should be done until the number of properties converges to a stable value. Usually, this is 2 to 4 times.

Compares two profiles of the template to find leaking properties. SImply select two profiles to compare. The comparison page lists all properties where the values differ and shows the number of different properties at the end.

The code is licensed under the MIT license.