User Agent Hackery (A Public Service Announcement)

I work for a company that uses a proxy filter on all web traffic within and out of the corporation. One of the tasks the filter has been assigned to do is to check the version of web browsers. If that given browser is not a sanctioned version, then it's blocked from reaching the Internets and the user is shown a warning page. This is because someone is under the belief that regardless of hosting OS, any browsers older than the current sanctioned releases are a security risk. This, of course, has all sorts of interesting consequences:
  • You can't use the old-and-busted browser to fetch one that's more up-to-date, or use the old-and-busted one to fetch a new-and-shiny alternative within the corporate network.
  • Not only does it block older versions, but newer versions, especially betas. For example, Fedora 14 updates delivered Google Chrome 10.0.648.82 Beta yesterday, and sure enough, our corporate proxy blocked it. I've also been running and testing Firefox 4 on my notebook in support of an ongoing project. Same issue.
The problem with a "security solution" such as this is how simply it is implemented, and thus how it can be so easily circumvented. In this particular case, circumvention is easily accomplished by changing the user agent string the browser spits out, because that's what the proxy is checking.

For the browsers in question I provide the following small table with each browser's method for changing their respective user agent string. These methods have worked since the early days of both browsers, and I sincerely hope their software engineering teams never remove this capability.

| Browser | Version | Method |
|---|---|---|
| Chrome | 10.0.648.82 Beta | Command line: --user-agent="String". Quotes around String are required. Add as last argument. |
| Firefox | 4 Beta 11 | about:config browser page - general.useragent.override String. You'll need to add this as a new preference. |

For String I use the following from Chrome 9 running on my Windows notebook, a version that is officially sanctioned at this point in time:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
If you ever need a user agent string, there is the site User Agent String.com. It will tell you what your browser's user agent string is, and it contains an extensive catalog of strings for your spoofing pleasure.

The only issue with this? Some outside sites use the user agent to set up Web 2.0 content specific to a given browser and its version. This can cause some sites to malfunction in the browser. For example, using the Chrome user agent string with Firefox 4 on Google Mail results in all sorts of hilarity. But since I can reach Google Mail with a sanctioned version of Chrome, it's not that painful for me.

Remember children, Your Mileage May Vary.
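
The same weakness from the proxy operator's side, as an added example that is not part of the original post: the sketch models a User-Agent allowlist and then scans proxy log lines for a client that was blocked and shortly afterwards is allowed while claiming a different platform. The log format, addresses, timestamps, time window and sanctioned-version set are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed policy for illustration: only Chrome 9 is sanctioned.
SANCTIONED = {("Chrome", 9)}
# Constructed proxy log: timestamp|client|User-Agent (format is an assumption).
LOG = """\
2011-03-03T09:00:05|10.0.0.21|Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.82 Safari/534.16
2011-03-03T09:02:40|10.0.0.21|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
2011-03-03T09:05:00|10.0.0.35|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
2011-03-03T09:20:00|10.0.0.35|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
"""

def parse_ua(ua):
    """Return the (browser, major version, platform) the client claims."""
    product = re.search(r"(Chrome|Firefox)/(\d+)", ua)
    platform = re.search(r"\(([^;)]+)", ua)
    if not product:
        return None
    return product.group(1), int(product.group(2)), platform.group(1) if platform else ""

def proxy_allows(ua):
    """The filter's check: it sees only what the header asserts."""
    parsed = parse_ua(ua)
    return parsed is not None and parsed[:2] in SANCTIONED

def find_ua_switches(log, window=timedelta(minutes=30)):
    """Flag clients allowed soon after a block while claiming a new platform."""
    last_block, findings = {}, []
    for line in log.strip().splitlines():
        ts, client, ua = line.split("|", 2)
        when = datetime.fromisoformat(ts)
        parsed = parse_ua(ua)
        platform = parsed[2] if parsed else ""
        if not proxy_allows(ua):
            last_block[client] = (when, platform)
        elif client in last_block:
            blocked_at, blocked_platform = last_block[client]
            if when - blocked_at <= window and platform != blocked_platform:
                findings.append((client, blocked_platform, platform))
    return findings

if __name__ == "__main__":
    for client, before, after in find_ua_switches(LOG):
        print(f"{client}: blocked as {before}, allowed as {after}; verify the endpoint")
```

The second client is blocked and later allowed on the same claimed platform, which looks like an ordinary upgrade and is not flagged; a platform change is only a hint to check the endpoint's real software inventory, since the header itself proves nothing.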

Rationale

Normally I'm not one to advocate security violations. Really, I'm not. But I'm also not stupid, or at least not deliberately so. With all the tasks I have on my plate, the last thing I need is an IT staff that exhibits a poor grasp of issues and an unwillingness to spend the extra effort necessary for all of us to succeed in our jobs. To put it bluntly, if you become an unnecessary impediment I can and will go around you.
