Just curious...

[blueman378]

Hi guys, im just curious as to how much information you can get from a users (involuntarily) with a combination of php and javascript,

 

eg i know you can get:

 

a users OS

a users IP

a users Browser

a users Locale

 

but what else can you grab?

[samshel]

see phpinfo()

[RussellReal]

you could use geo IP software which locates the latitude longitude of the given IP, but most IPs are pointed to the users' local ISP locations, so its not exactly accurate.

 

with JavaScript I'd assume you have access to the browser's history, and if you decided to try vbScript you could have access to much more of a user.. E.G. File Writing, Mouse Control, File Deleting, File Moving, Plant Viruses etc.

NOTE: VBScript only works on IE.

VBScript will prompt the user a warning, so basically.. Its not worth the time to learn.

[genericnumber1]

doing

<?php
var_dump($_SERVER);
?>

will include most of the headers their browser sent along with some information about your server.

 

Keep in mind any of this sent information is easily spoofed (faked), so it can't be relied on.

 

To the above user: No, javascript doesn't have any access to the browser's history beyond the ability to go back/forward, etc on the click of a button, and I wouldn't encourage people to do things malicious .

 

To second poster: That's server info, not client info.

[Mark Baker]

Pay a visit to browserspy to find just how much information can be gleaned

[samshel]

phpinfo() also returns HTTP Headers Information...so its not just server side data.