{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T16:29:33Z","timestamp":1772555373525,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":86,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,30]],"date-time":"2022-05-30T00:00:00Z","timestamp":1653868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["EXC 2092 CASA - 390781972"],"award-info":[{"award-number":["EXC 2092 CASA - 390781972"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,30]]},"DOI":"10.1145\/3488932.3517414","type":"proceedings-article","created":{"date-parts":[[2022,5,24]],"date-time":"2022-05-24T04:23:26Z","timestamp":1653366206000},"page":"1168-1181","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Server-Side Browsers"],"prefix":"10.1145","author":[{"given":"Marius","family":"Musch","sequence":"first","affiliation":[{"name":"TU Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robin","family":"Kirchner","sequence":"additional","affiliation":[{"name":"TU Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Max","family":"Boll","sequence":"additional","affiliation":[{"name":"TU Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"Johns","sequence":"additional","affiliation":[{"name":"TU Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,5,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Paul Vorbach. 2021 b. npm-stat: puppeteer. Online https:\/\/npm-stat.com\/charts.html?package=puppeteer&from=2017-06-01&to=2021-02-24.  Paul Vorbach. 2021 b. npm-stat: puppeteer. Online https:\/\/npm-stat.com\/charts.html?package=puppeteer&from=2017-06-01&to=2021-02-24."},{"key":"e_1_3_2_1_2_1","volume-title":"ECMAScript 2009 Language Specification","year":"2009","unstructured":"2009. ECMAScript 2009 Language Specification 5 th Edition. Online https:\/\/www.ecma-international.org\/wp-content\/uploads\/ECMA-262_5th_ edition_december_ 2009 .pdf. 2009. ECMAScript 2009 Language Specification 5th Edition. Online https:\/\/www.ecma-international.org\/wp-content\/uploads\/ECMA-262_5th_ edition_december_2009.pdf.","edition":"5"},{"key":"e_1_3_2_1_3_1","unstructured":"2020. Google Search Central - Googlebot evergreen rendering in our testing tools. Online https:\/\/developers.google.com\/search\/blog\/2019\/08\/evergreen- googlebot-in-testing-tools.  2020. Google Search Central - Googlebot evergreen rendering in our testing tools. Online https:\/\/developers.google.com\/search\/blog\/2019\/08\/evergreen- googlebot-in-testing-tools."},{"key":"e_1_3_2_1_4_1","unstructured":"2021. Burp Suite. Online https:\/\/portswigger.net\/burp.  2021. Burp Suite. Online https:\/\/portswigger.net\/burp."},{"key":"e_1_3_2_1_5_1","unstructured":"2021. Microsoft Bing Blogs - bingbot Series: JavaScript Dynamic Rendering and Cloaking. Oh My! Online https:\/\/blogs.bing.com\/webmaster\/october-2018\/ bingbot-Series-JavaScript -Dynamic-Rendering -and-Cloaking-Oh-My.  2021. Microsoft Bing Blogs - bingbot Series: JavaScript Dynamic Rendering and Cloaking. Oh My! Online https:\/\/blogs.bing.com\/webmaster\/october-2018\/ bingbot-Series-JavaScript -Dynamic-Rendering -and-Cloaking-Oh-My."},{"key":"e_1_3_2_1_6_1","unstructured":"2021. Symantec Sitereview: WebPulse Site Review Request. Online https:\/\/ sitereview.bluecoat.com\/.  2021. Symantec Sitereview: WebPulse Site Review Request. Online https:\/\/ sitereview.bluecoat.com\/."},{"key":"e_1_3_2_1_7_1","unstructured":"2021. VirusTotal. Online https:\/\/www.virustotal.com\/gui\/home\/url.  2021. VirusTotal. Online https:\/\/www.virustotal.com\/gui\/home\/url."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516674"},{"key":"e_1_3_2_1_9_1","unstructured":"Apple. 2021. iOS SDK Release Notes for iOS 8.0 GM. Online https:\/\/developer.apple.com\/library\/archive\/releasenotes\/General\/RN-iOSSDK-8.0\/.  Apple. 2021. iOS SDK Release Notes for iOS 8.0 GM. Online https:\/\/developer.apple.com\/library\/archive\/releasenotes\/General\/RN-iOSSDK-8.0\/."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-52683-2_7"},{"key":"e_1_3_2_1_11_1","unstructured":"Mark Beech. 2021. GitHub: Crawler-Detect. Online https:\/\/github.com\/JayBizzle\/Crawler-Detect.  Mark Beech. 2021. GitHub: Crawler-Detect. Online https:\/\/github.com\/JayBizzle\/Crawler-Detect."},{"key":"e_1_3_2_1_12_1","unstructured":"Eric Bidelman. 2021. Headless Chrome: an answer to server-side rendering JS sites. Online https:\/\/developers.google.com\/web\/tools\/puppeteer\/articles\/ssr.  Eric Bidelman. 2021. Headless Chrome: an answer to server-side rendering JS sites. Online https:\/\/developers.google.com\/web\/tools\/puppeteer\/articles\/ssr."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2430553.2430557"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCC.2010.89"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"e_1_3_2_1_16_1","unstructured":"Bugcrowd. 2018. GitHub: HUNT - SSRF Python script. Online https:\/\/github.com\/bugcrowd\/HUNT\/blob\/master\/ZAP\/scripts\/passive\/SSRF.py.  Bugcrowd. 2018. GitHub: HUNT - SSRF Python script. Online https:\/\/github.com\/bugcrowd\/HUNT\/blob\/master\/ZAP\/scripts\/passive\/SSRF.py."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2994459.2994467"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSYM.2010.5685537"},{"key":"e_1_3_2_1_19_1","unstructured":"Chrome Releases. 2021 a. Chrome 88 Stable Channel Update for Desktop. Online https:\/\/chromereleases.googleblog.com\/2021\/02\/stable-channel-update-for-desktop.html.  Chrome Releases. 2021 a. Chrome 88 Stable Channel Update for Desktop. Online https:\/\/chromereleases.googleblog.com\/2021\/02\/stable-channel-update-for-desktop.html."},{"key":"e_1_3_2_1_20_1","unstructured":"Chrome Releases. 2021 b. Chrome 89 Stable Channel Update for Desktop. Online https:\/\/chromereleases.googleblog.com\/2021\/03\/stable-channel-update-for-desktop.html.  Chrome Releases. 2021 b. Chrome 89 Stable Channel Update for Desktop. Online https:\/\/chromereleases.googleblog.com\/2021\/03\/stable-channel-update-for-desktop.html."},{"key":"e_1_3_2_1_21_1","unstructured":"Chromium Blog. 2021. Speeding up Chrome's release cycle. Online https:\/\/blog.chromium.org\/2021\/03\/speeding-up-release-cycle.html.  Chromium Blog. 2021. Speeding up Chrome's release cycle. Online https:\/\/blog.chromium.org\/2021\/03\/speeding-up-release-cycle.html."},{"key":"e_1_3_2_1_22_1","unstructured":"Chromium Bug Tracker. 2020 a. Issue 1081874: Double free on NodeChannel. Online https:\/\/crbug.com\/1081874.  Chromium Bug Tracker. 2020 a. Issue 1081874: Double free on NodeChannel. Online https:\/\/crbug.com\/1081874."},{"key":"e_1_3_2_1_23_1","unstructured":"Chromium Bug Tracker. 2020 b. Issue 1137630: PDFium heap-use-after-free. Online https:\/\/crbug.com\/1137630.  Chromium Bug Tracker. 2020 b. Issue 1137630: PDFium heap-use-after-free. Online https:\/\/crbug.com\/1137630."},{"key":"e_1_3_2_1_24_1","unstructured":"Chromium Bug Tracker. 2020 c. Issue 1146670: TFC chrome full chain. Online https:\/\/crbug.com\/1146670.  Chromium Bug Tracker. 2020 c. Issue 1146670: TFC chrome full chain. Online https:\/\/crbug.com\/1146670."},{"key":"e_1_3_2_1_25_1","unstructured":"Chromium Bug Tracker. 2020 d. Issue 706008: Extensions support in headless Chrome. Online https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=706008.  Chromium Bug Tracker. 2020 d. Issue 706008: Extensions support in headless Chrome. Online https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=706008."},{"key":"e_1_3_2_1_26_1","unstructured":"Chromium Bug Tracker. 2021. Issue 1138143: segmentation fault in mojom. Online https:\/\/crbug.com\/1138143.  Chromium Bug Tracker. 2021. Issue 1138143: segmentation fault in mojom. Online https:\/\/crbug.com\/1138143."},{"key":"e_1_3_2_1_27_1","volume-title":"Blog or block: Detecting blog bots through behavioral biometrics. Computer Networks","author":"Chu Zi","year":"2013","unstructured":"Zi Chu , Steven Gianvecchio , Aaron Koehl , Haining Wang , and Sushil Jajodia . 2013. Blog or block: Detecting blog bots through behavioral biometrics. Computer Networks ( 2013 ). Zi Chu, Steven Gianvecchio, Aaron Koehl, Haining Wang, and Sushil Jajodia. 2013. Blog or block: Detecting blog bots through behavioral biometrics. Computer Networks (2013)."},{"key":"e_1_3_2_1_28_1","unstructured":"d0nut. 2018. HackerOne: SSRF on duckduckgo.com\/iu\/. Online https:\/\/hackerone.com\/reports\/398641.  d0nut. 2018. HackerOne: SSRF on duckduckgo.com\/iu\/. Online https:\/\/hackerone.com\/reports\/398641."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14215-4_7"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14527-8_1"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978313"},{"key":"e_1_3_2_1_32_1","volume-title":"Proc. of Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA).","author":"Flake Halvar","year":"2004","unstructured":"Halvar Flake . 2004 . Structural comparison of executable objects . In Proc. of Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). Halvar Flake. 2004. Structural comparison of executable objects. In Proc. of Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)."},{"key":"e_1_3_2_1_33_1","unstructured":"Google. 2021. Chrome keeps you up to date. Online https:\/\/www.google.com\/chrome\/update\/.  Google. 2021. Chrome keeps you up to date. Online https:\/\/www.google.com\/chrome\/update\/."},{"key":"e_1_3_2_1_34_1","unstructured":"Google. 2021. Chrome Release Cycle. Online https:\/\/chromium.googlesource.com\/chromium\/src\/\/master\/docs\/process\/release_cycle.md.  Google. 2021. Chrome Release Cycle. Online https:\/\/chromium.googlesource.com\/chromium\/src\/\/master\/docs\/process\/release_cycle.md."},{"key":"e_1_3_2_1_35_1","unstructured":"Google. 2021. Puppeteer. Online https:\/\/pptr.dev\/.  Google. 2021. Puppeteer. Online https:\/\/pptr.dev\/."},{"key":"e_1_3_2_1_36_1","unstructured":"Google. 2021. Understanding your Chrome Browser update options. Online https:\/\/services.google.com\/fh\/file\/misc\/chromeenterprisebrowser_updatestrategies_mktgwp_5.1.19.pdf.  Google. 2021. Understanding your Chrome Browser update options. Online https:\/\/services.google.com\/fh\/file\/misc\/chromeenterprisebrowser_updatestrategies_mktgwp_5.1.19.pdf."},{"key":"e_1_3_2_1_37_1","unstructured":"Google Developers. 2020. Chrome DevTools. Online https:\/\/developers.google.com\/web\/tools\/chrome-devtools\/.  Google Developers. 2020. Chrome DevTools. Online https:\/\/developers.google.com\/web\/tools\/chrome-devtools\/."},{"key":"e_1_3_2_1_38_1","unstructured":"Google Developers. 2021. Lighthouse. Online https:\/\/developers.google.com\/web\/tools\/lighthouse.  Google Developers. 2021. Lighthouse. Online https:\/\/developers.google.com\/web\/tools\/lighthouse."},{"key":"e_1_3_2_1_39_1","unstructured":"Google Groups. 2021. Q4 2019 Summary from Chrome Security. Online https:\/\/groups.google.com\/a\/chromium.org\/g\/security-dev\/c\/fbiuFbW07vI.  Google Groups. 2021. Q4 2019 Summary from Chrome Security. Online https:\/\/groups.google.com\/a\/chromium.org\/g\/security-dev\/c\/fbiuFbW07vI."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062363"},{"key":"e_1_3_2_1_41_1","unstructured":"Ariya Hidayat. 2018. GitHub: PhantomJS -- Archiving the project: suspending the development. Online https:\/\/github.com\/ariya\/phantomjs\/issues\/15344.  Ariya Hidayat. 2018. GitHub: PhantomJS -- Archiving the project: suspending the development. Online https:\/\/github.com\/ariya\/phantomjs\/issues\/15344."},{"key":"e_1_3_2_1_42_1","unstructured":"Ariya Hidayat. 2020. PhantomJS: Scriptable Headless Browser. Online https:\/\/phantomjs.org\/.  Ariya Hidayat. 2020. PhantomJS: Scriptable Headless Browser. Online https:\/\/phantomjs.org\/."},{"key":"e_1_3_2_1_43_1","volume-title":"Proc. of USENIX Workshop on Offensive Technologies (WOOT).","author":"Ho Grant","year":"2014","unstructured":"Grant Ho , Dan Boneh , Lucas Ballard , and Niels Provos . 2014 . Tick Tock: Building Browser Red Pills from Timing Side Channels . In Proc. of USENIX Workshop on Offensive Technologies (WOOT). Grant Ho, Dan Boneh, Lucas Ballard, and Niels Provos. 2014. Tick Tock: Building Browser Red Pills from Timing Side Channels. In Proc. of USENIX Workshop on Offensive Technologies (WOOT)."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/775152.775174"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.50"},{"key":"e_1_3_2_1_46_1","unstructured":"Noriaki Iwasaki. 2019. HackerOne: SSRF in Search.gov via ?url= parameter. Online https:\/\/hackerone.com\/reports\/514224.  Noriaki Iwasaki. 2019. HackerOne: SSRF in Search.gov via ?url= parameter. Online https:\/\/hackerone.com\/reports\/514224."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3412841.3442036"},{"key":"e_1_3_2_1_48_1","volume-title":"Proc. of USENIX Security Symposium.","author":"Jacob Gregoire","year":"2012","unstructured":"Gregoire Jacob , Engin Kirda , Christopher Kruegel , and Giovanni Vigna . 2012 . PUBCRAWL: Protecting Users and Businesses from CRAWLers . In Proc. of USENIX Security Symposium. Gregoire Jacob, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2012. PUBCRAWL: Protecting Users and Businesses from CRAWLers. In Proc. of USENIX Security Symposium."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2020.23008"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135817"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00094"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23386"},{"key":"e_1_3_2_1_53_1","volume-title":"Proc. of USENIX Security Symposium.","author":"Leontiadis Nektarios","year":"2011","unstructured":"Nektarios Leontiadis , Tyler Moore , and Nicolas Christin . 2011 . Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade .. In Proc. of USENIX Security Symposium. Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. 2011. Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade.. In Proc. of USENIX Security Symposium."},{"key":"e_1_3_2_1_54_1","unstructured":"Jonathan R Mayer. 2009. Any person... a pamphleteer\": Internet Anonymity in the Age of Web 2.0.  Jonathan R Mayer. 2009. Any person... a pamphleteer\": Internet Anonymity in the Age of Web 2.0."},{"key":"e_1_3_2_1_55_1","volume-title":"Proc. of IEEE Symposium on Security and Privacy.","author":"Jonathan","unstructured":"Jonathan R. Mayer and John C. Mitchell. 2012. Third-Party Web Tracking: Policy and Technology . In Proc. of IEEE Symposium on Security and Privacy. Jonathan R. Mayer and John C. Mitchell. 2012. Third-Party Web Tracking: Policy and Technology. In Proc. of IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_56_1","volume-title":"Proc. of USENIX Security Symposium.","author":"Ming Jiang","year":"2017","unstructured":"Jiang Ming , Dongpeng Xu , Yufei Jiang , and Dinghao Wu . 2017 . BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking . In Proc. of USENIX Security Symposium. Jiang Ming, Dongpeng Xu, Yufei Jiang, and Dinghao Wu. 2017. BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking. In Proc. of USENIX Security Symposium."},{"key":"e_1_3_2_1_57_1","unstructured":"Martin Monperrus. 2021. GitHub: crawler-user-agents. Online https:\/\/github.com\/monperrus\/crawler-user-agents.  Martin Monperrus. 2021. GitHub: crawler-user-agents. Online https:\/\/github.com\/monperrus\/crawler-user-agents."},{"key":"e_1_3_2_1_58_1","volume-title":"Proc. of IEEE S&P Web 2.0 Security & Privacy Workshop (W2SP).","author":"Mowery Keaton","year":"2011","unstructured":"Keaton Mowery , Dillon Bogenreif , Scott Yilek , and Hovav Shacham . 2011 . Fingerprinting Information in JavaScript Implementations . In Proc. of IEEE S&P Web 2.0 Security & Privacy Workshop (W2SP). Keaton Mowery, Dillon Bogenreif, Scott Yilek, and Hovav Shacham. 2011. Fingerprinting Information in JavaScript Implementations. In Proc. of IEEE S&P Web 2.0 Security & Privacy Workshop (W2SP)."},{"key":"e_1_3_2_1_59_1","unstructured":"Mozilla. 2021 a. GitHub: mdn\/browser-compat-data. Online https:\/\/github.com\/mdn\/browser-compat-data.  Mozilla. 2021 a. GitHub: mdn\/browser-compat-data. Online https:\/\/github.com\/mdn\/browser-compat-data."},{"key":"e_1_3_2_1_60_1","unstructured":"Mozilla. 2021 b. MDN Web Docs. Online https:\/\/developer.mozilla.org\/.  Mozilla. 2021 b. MDN Web Docs. Online https:\/\/developer.mozilla.org\/."},{"key":"e_1_3_2_1_61_1","unstructured":"Mozilla. 2021 c. Security Advisories for Firefox. Online https:\/\/www.mozilla.org\/en-US\/security\/known-vulnerabilities\/firefox\/.  Mozilla. 2021 c. Security Advisories for Firefox. Online https:\/\/www.mozilla.org\/en-US\/security\/known-vulnerabilities\/firefox\/."},{"key":"e_1_3_2_1_62_1","unstructured":"Mozilla. 2021 d. Update Firefox to the latest release. Online https:\/\/support.mozilla.org\/en-US\/kb\/update-firefox-latest-release.  Mozilla. 2021 d. Update Firefox to the latest release. Online https:\/\/support.mozilla.org\/en-US\/kb\/update-firefox-latest-release."},{"key":"e_1_3_2_1_63_1","volume-title":"Proc. of IEEE S&P Web 2.0 Security & Privacy Workshop (W2SP).","author":"Mulazzani Martin","year":"2013","unstructured":"Martin Mulazzani , Philipp Reschl , Markus Huber , Manuel Leithner , Sebastian Schrittwieser , and Edgar Weippl . 2013 . Fast and Reliable Browser Identification with JavaScript Engine Fingerprinting . In Proc. of IEEE S&P Web 2.0 Security & Privacy Workshop (W2SP). Martin Mulazzani, Philipp Reschl, Markus Huber, Manuel Leithner, Sebastian Schrittwieser, and Edgar Weippl. 2013. Fast and Reliable Browser Identification with JavaScript Engine Fingerprinting. In Proc. of IEEE S&P Web 2.0 Security & Privacy Workshop (W2SP)."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22038-9_2"},{"key":"e_1_3_2_1_65_1","unstructured":"Jeongwook Oh. 2009. Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries. Online http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.694.8684&rep=rep1&type=pdf.  Jeongwook Oh. 2009. Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries. Online http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.694.8684&rep=rep1&type=pdf."},{"key":"e_1_3_2_1_66_1","unstructured":"Open Web Application Security Project. 2021. Blind SQL Injection. Online https:\/\/owasp.org\/www-community\/attacks\/Blind_SQL_Injection.  Open Web Application Security Project. 2021. Blind SQL Injection. Online https:\/\/owasp.org\/www-community\/attacks\/Blind_SQL_Injection."},{"key":"e_1_3_2_1_67_1","unstructured":"Orange Tsai. 2017. A New Era of SSRF -- Exploiting URL Parser in Trending Programming Languages. Online https:\/\/www.blackhat.com\/docs\/us-17\/thursday\/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf.  Orange Tsai. 2017. A New Era of SSRF -- Exploiting URL Parser in Trending Programming Languages. Online https:\/\/www.blackhat.com\/docs\/us-17\/thursday\/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf."},{"key":"e_1_3_2_1_68_1","unstructured":"OWASP. 2021. OWASP Top 10. Online https:\/\/owasp.org\/Top10\/.  OWASP. 2021. OWASP Top 10. Online https:\/\/owasp.org\/Top10\/."},{"key":"e_1_3_2_1_69_1","unstructured":"James Pearce. 2021. First Understand Your Screen. Online https:\/\/tripleodeon.com\/2011\/12\/first-understand-your-screen\/.  James Pearce. 2021. First Understand Your Screen. Online https:\/\/tripleodeon.com\/2011\/12\/first-understand-your-screen\/."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_18"},{"key":"e_1_3_2_1_71_1","unstructured":"PortSwigger. 2021 a. Burp Suite. Online https:\/\/portswigger.net\/burp.  PortSwigger. 2021 a. Burp Suite. Online https:\/\/portswigger.net\/burp."},{"key":"e_1_3_2_1_72_1","unstructured":"PortSwigger. 2021 b. SSRF via the Referer header. Online https:\/\/portswigger.net\/web-security\/ssrf.  PortSwigger. 2021 b. SSRF via the Referer header. Online https:\/\/portswigger.net\/web-security\/ssrf."},{"key":"e_1_3_2_1_73_1","unstructured":"PortSwigger Ltd. 2021 a. Cracking the lens: Targeting HTTP's Hidden Attack-Surface. Online https:\/\/portswigger.net\/research\/cracking-the-lens-targeting-https-hidden-attack-surface.  PortSwigger Ltd. 2021 a. Cracking the lens: Targeting HTTP's Hidden Attack-Surface. Online https:\/\/portswigger.net\/research\/cracking-the-lens-targeting-https-hidden-attack-surface."},{"key":"e_1_3_2_1_74_1","unstructured":"PortSwigger Ltd. 2021 b. GitHub: collaborator-everywhere. Online https:\/\/github.com\/PortSwigger\/collaborator-everywhere.  PortSwigger Ltd. 2021 b. GitHub: collaborator-everywhere. Online https:\/\/github.com\/PortSwigger\/collaborator-everywhere."},{"key":"e_1_3_2_1_75_1","unstructured":"Project Zero. 2021. In-the-Wild Series: October 2020 0-day discovery. Online https:\/\/googleprojectzero.blogspot.com\/2021\/03\/in-wild-series-october-2020-0-day.html.  Project Zero. 2021. In-the-Wild Series: October 2020 0-day discovery. Online https:\/\/googleprojectzero.blogspot.com\/2021\/03\/in-wild-series-october-2020-0-day.html."},{"key":"e_1_3_2_1_76_1","volume-title":"Proc. of USENIX Workshop on Offensive Technologies (WOOT).","author":"Sp\u00e4th Christopher","year":"2016","unstructured":"Christopher Sp\u00e4th , Christian Mainka , Vladislav Mladenov , and J\u00f6rg Schwenk . 2016 . SoK:{XML} parser vulnerabilities . In Proc. of USENIX Workshop on Offensive Technologies (WOOT). Christopher Sp\u00e4th, Christian Mainka, Vladislav Mladenov, and J\u00f6rg Schwenk. 2016. SoK:{XML} parser vulnerabilities. In Proc. of USENIX Workshop on Offensive Technologies (WOOT)."},{"key":"e_1_3_2_1_77_1","unstructured":"SpeedCurve Ltd. 2021. SpeedCurve: Monitor front-end performance. Online https:\/\/speedcurve.com\/.  SpeedCurve Ltd. 2021. SpeedCurve: Monitor front-end performance. Online https:\/\/speedcurve.com\/."},{"key":"e_1_3_2_1_78_1","unstructured":"StackOverflow Community. 2020. How to detect Safari Chrome IE Firefox and Opera browser? Online https:\/\/stackoverflow.com\/a\/9851769.  StackOverflow Community. 2020. How to detect Safari Chrome IE Firefox and Opera browser? Online https:\/\/stackoverflow.com\/a\/9851769."},{"key":"e_1_3_2_1_79_1","volume-title":"Dikaiakos","author":"Stassopoulou Athena","year":"2009","unstructured":"Athena Stassopoulou and Marios D . Dikaiakos . 2009 . Web robot detection: A probabilistic reasoning approach. Computer Networks . Athena Stassopoulou and Marios D. Dikaiakos. 2009. Web robot detection: A probabilistic reasoning approach. Computer Networks."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24252"},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2020.23010"},{"key":"e_1_3_2_1_82_1","unstructured":"Paul Vorbach. 2021 a. npm-stat: phantomjs. Online https:\/\/npm-stat.com\/charts.html?package=phantomjs&from=2015-01-25&to=2021-02-24.  Paul Vorbach. 2021 a. npm-stat: phantomjs. Online https:\/\/npm-stat.com\/charts.html?package=phantomjs&from=2015-01-25&to=2021-02-24."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663738"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046763"},{"key":"e_1_3_2_1_85_1","unstructured":"Haitao Xu Zhao Li Chen Chu Yuanmi Chen Yifan Yang Haifeng Lu Haining Wang and Angelos Stavrou. 2018. Detecting and Characterizing Web Bot Traffic in a Large E-commerce Marketplace. In Computer Security.  Haitao Xu Zhao Li Chen Chu Yuanmi Chen Yifan Yang Haifeng Lu Haining Wang and Angelos Stavrou. 2018. Detecting and Characterizing Web Bot Traffic in a Large E-commerce Marketplace. In Computer Security."},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.49"}],"event":{"name":"ASIA CCS '22: ACM Asia Conference on Computer and Communications Security","location":"Nagasaki Japan","acronym":"ASIA CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3488932.3517414","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3488932.3517414","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:30Z","timestamp":1750193310000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3488932.3517414"}},"subtitle":["Exploring the Web's Hidden Attack Surface"],"short-title":[],"issued":{"date-parts":[[2022,5,30]]},"references-count":86,"alternative-id":["10.1145\/3488932.3517414","10.1145\/3488932"],"URL":"https:\/\/doi.org\/10.1145\/3488932.3517414","relation":{},"subject":[],"published":{"date-parts":[[2022,5,30]]},"assertion":[{"value":"2022-05-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}