Published September 20, 2020 | Version v2
Dataset Open

Dataset used for fingerprinting of DNS over HTTPS responses.

  • 1. CESNET z.s.p.o.


The dataset consists of multiple data sources:

  1. DoH-enabled Firefox on Linux OS
  2. DoH-enabled Firefox on Windows 10 OS
  3. DoH-enabled Chrome on Windows 10 OS


We captured the traffic from the DoH-enabled web browsers using tcpdump. To automate the process of traffic generation, we installed Google Chrome and Mozilla Firefox into separate virtual machines and controlled them with the Selenium framework shows detailed information about used browsers and environments). Selenium simulates a user's browsing according to a predefined script and a list of domain names (i.e., URLs from Alexa's top websites list in our case). Selenium was configured to visit pages in random order multiple times. For capturing the traffic, we used the default settings of each browser. We did not disable the browser's DNS cache, and the random order of visiting webpages ensures that the dataset contains traces influenced by DNS caching mechanisms. Each virtual machine was configured to export TLS cryptographic keys, which were used to decrypt the traffic using the Wireshark application.

The Wireshark text output of the decrypted traffic is provided in the dataset files. Detailed information about each file is provided in the dataset README.





Files (105.9 MB)


Additional details


SAPPAN – Sharing and Automation for Privacy Preserving Attack Neutralization 833418
European Commission