Closed mackensen closed 9 years ago
Hmmm, interesting. I wonder if the Adium signature should be for something more generic like a library that it and Spotify share... Or if this is some kind of collision.
Thanks for bringing it up, I'll dig into it when I'm on more than a cellphone ;)
That signature could still be an issue... which I'm looking into.
But I also noticed that my fingerprint cleanser script introduced some additional whitespace into files which was causing issues with a couple of fingerprints. I used it to remove test server names from the json files prior to uploading them here for derbycon and so had a few inaccurate prints included over the weekend.
I have fixed that issue now, so some signatures will be more accurate now. So it might be worth a retest with the latest version. I will do some proper tests on this signature though as this one in particular I have some suspicions about now
I have done some research and one of the Adium signatures (which I clever gave the same names to... oops) was actually a websockets connection made by Adium. Chrome also does this when it experiences a wss:// (websockets) link. I'm going to guess Spotify is also doing the same.
Changes here:
I've noticed that Spotify makes a number of requests when it starts up. Some of these haven't been fingerprinted yet but the majority are identified as coming from Adium (which wasn't running at the time). This is the full log:
Split out, here's the unidentified fingerprint:
This is Spotify
1.0.14.124.g4dfabc51
.