Tricking webserver into believing
Charles Steinkuehler
cstein at newtek.com
Fri Dec 14 15:03:11 CST 2001
> Anyone know how webservers query browsers for OS and browser info? I
> need to force my box at home to make 2 certain web addresses believe I
> am coming in from Windoze, with Explorer or Netscape 4.7 and using 128
> bit encryption. There has got to be a way to do this.
> I am currently running Mandrake 8.0 with a 2.4.16 kernel
> KDE 2.1.1 and
> Konqueror 2.1.1
> and Netscape 6.x
>
> I have talked with one of the sites and it's like talking to a stone
> wall.
> I have Konqueror supposedly transmitting a different string (user
> agent), but the servers always come back with the default value (well
> one does anyway, the other just gives me a raspberry). One of the sites
> supposedly supports Redhat 6.1.
>
> Grrr!
There are a few ways I'm aware of. The actual web server itself can
generally only look at the headers provided along with the http query.
These are generated by the browser, and may be at least partially under your
control (depends on your browser). You can usually put up a small CGI
script to see what headers your browser is sending...most web servers pass
all the provided headers along to CGI scripts in one form or another.
It's also possible for the actual web *content* to ID your browser. This is
done through various tricks, usually with java, java-script, or something
that actually executes on the client browser. It will likely be much harder
to 'trick' one of these sites...
Charles Steinkuehler
charles at steinkuehler.net
More information about the Kclug
mailing list