Saturday, 31 August 2013

How To Anonymize OS And Browser Details Using User-Agent Spoofing

What is User-Agent?:
User-Agent is often used for content negotiation, where the origin server selects suitable content or operating parameters for its response to the client's request. For example, the server might use a visitor's User-Agent string to deliver content compatible with the client's OS or browser.
User-Agent information is sent to the server in the HTTP headers, which tell the server a lot about the client's OS and browser version.

User-Agent String Format For Browsers:
Most Web browsers use a User-Agent value as follows:  

Mozilla/[version] ([system and browser information]) [platform] ([platform details]) [extensions].  

For example, Safari on the iPad has used the following:
 
Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405

The components of this string are as follows:

  • Mozilla/5.0: Previously used to indicate compatibility with the Mozilla rendering engine
  • (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us): Details of the system in which the browser is running
  • AppleWebKit/531.21.10: The platform the browser uses
  • (KHTML, like Gecko): Browser platform details
  • Mobile/7B405: This is used by the browser to indicate specific enhancements that are available directly in the browser or through third parties. An example of this is Microsoft Live Meeting, which registers an extension so that the Live Meeting service knows if the software is already installed, which means it can provide a streamlined experience when joining meetings.

Format for Automated Agents (Bots):
Automated web crawling tools can use a simplified form, where an important field is contact information in case of problems. By convention the word "bot" is included in the name of the agent. For example:
 Googlebot/2.1 (+http://www.google.com/bot.html) 

How Websites Detect Visitor's OS and Browser:
As the user-agent string format for browsers above shows, OS and system information can be extracted from a visitor's user-agent string. You can see below your OS and Browser information.
Note: This detection is simple, so Android OS will be shown as Unix.
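
As an added example (not code from this blog), the JavaScript below splits a User-Agent string into the fields of the format described above and compares a naive OS check, which reports Android as Unix, with an ordered one. The Android string and all function names are constructed for illustration.

```javascript
// Added example. IPAD_UA and BOT_UA are the strings quoted in the article;
// ANDROID_UA is a constructed sample in the same format.
const IPAD_UA = "Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) " +
  "AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405";
const BOT_UA = "Googlebot/2.1 (+http://www.google.com/bot.html)";
const ANDROID_UA = "Mozilla/5.0 (Linux; U; Android 4.0.3; en-us; Example Build/X) " +
  "AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30";

// Split a User-Agent into: product/version (system) platform (details) extensions.
function parseUserAgent(ua) {
  const m = /^(\S+)\/(\S+)\s*(?:\(([^)]*)\))?\s*(.*)$/.exec(String(ua || ""));
  if (!m) return null; // header missing or not in product/version form
  const rest = m[4];
  const details = /\(([^)]*)\)/.exec(rest);
  return {
    product: m[1],
    version: m[2],
    system: m[3] ? m[3].split(";").map((s) => s.trim()) : [],
    platform: (/^[^\s(]+/.exec(rest) || [""])[0],
    platformDetails: details ? details[1] : "",
    extensions: details ? rest.slice(details.index + details[0].length).trim() : "",
    isBot: /bot/i.test(m[1]), // convention: "bot" appears in the agent name
  };
}

// Naive check with generic tokens only: Android contains "Linux", so it is
// reported as Unix, and the iPad's "like Mac OS X" is reported as Mac OS.
function naiveOS(ua) {
  if (/Windows/.test(ua)) return "Windows";
  if (/Mac OS X|Macintosh/.test(ua)) return "Mac OS";
  if (/Linux|X11/.test(ua)) return "Unix";
  return "Unknown";
}

// Ordered check: specific tokens are tested before the generic ones.
function detectOS(ua) {
  const rules = [
    ["Android", /Android/], ["iOS", /iPad|iPhone|iPod/],
    ["Windows", /Windows/], ["Mac OS", /Mac OS X|Macintosh/],
    ["Unix", /Linux|X11/],
  ];
  const hit = rules.find(([, re]) => re.test(ua));
  return hit ? hit[0] : "Unknown";
}

for (const ua of [IPAD_UA, ANDROID_UA, BOT_UA]) {
  const p = parseUserAgent(ua);
  console.log(p.product, "| naive:", naiveOS(ua), "| ordered:", detectOS(ua), "| bot:", p.isBot);
}
```

Both checks only read what the client chose to send, so the result changes with the header and not with the machine behind it.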


Countermeasures:
So how can we fool a site and give it bogus information? This can be done with user-agent spoofing.

User-Agent Spoofing:
User-agent spoofing is a technique in which we replace the user-agent string of our browser with the user-agent string of some other browser or bot. In this tutorial, I will show the user-agent spoofing method for Mozilla Firefox and Google Chrome. So let's start.

User-Agent Spoofing In Firefox: 
To do user-agent spoofing in Firefox, we will use an add-on named user-agent switcher.

Click here to install user-agent switcher in your firefox.

Now everything is ready, so we only need a user-agent string to replace our current user-agent string. You can get the user-agent string of any browser from here.
1- Just copy the user-agent string of any browser and open the user-agent switcher add-on in Firefox.
2- Then click on "Edit User Agents.." and there click on "New", which will open a drop-down menu; there click on "New User Agent".
3- Now click in the user agent text field as shown in the image above and replace this string with our new user agent string.
4- Add a description to remember which user agent string it is and click OK.
5- This new user agent will appear in your user agents dialogue box. Now click on it and click OK. Now we are using this new user agent.
6- To check whether the new user-agent is working or not, refresh your browser page and see whether my tutorial is detecting your OS and browser or not.

User-Agent Spoofing In Google Chrome: 
For Google Chrome users, an extension named user-agent switcher is available, which can be installed from here.
Its interface is easy to use, so no more information needs to be provided.
Select any user agent from the list, then come to my site and check whether it is detecting your OS and browser version or not. Thanks for reading this tutorial. If you have any trouble while following this tutorial, you may ask in the comments.