{"id":11,"date":"2012-05-24T22:52:00","date_gmt":"2012-05-24T22:52:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=11"},"modified":"2020-07-01T18:58:39","modified_gmt":"2020-07-01T18:58:39","slug":"faking-all-user-agents","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2012\/05\/faking-all-user-agents\/","title":{"rendered":"Faking (all) user agents"},"content":{"rendered":"\n<p>If you are going to fake a user agent, do it right \ud83d\ude42 Seeing some web scanners faking all possible browsers out there in one single request:<\/p>\n\n\n\n<ul><li>Firefox\/3.6<\/li><li>Chrome\/9<\/li><li>Firefox\/3.0<\/li><li>Opera\/9.99?<\/li><li>Safari<\/li><li>and more..<\/li><\/ul>\n\n\n\n<p>This is the actual log (searching for vulnerable oscommerce files):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>66.147.240.166 \u2013 \u2013 &#91;24\/May\/2012:13:50:50 +0000] \u201cGET \/admin\/file_manager.php\/login.php HTTP\/1.1\u201d 404 9152 \u201c-\u201d \u201cMozilla\/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko\/20101026 Firefox\/3.6.12\\\u201d,\\\u201dMozilla\/5.0 (Windows; U; Windows NT 5.1; pl-PL; rv:1.8.1.24pre) Gecko\/20100228 K-Meleon\/1.5.4\\\u201d,\\\u201dMozilla\/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit\/540.0 (KHTML,like Gecko) Chrome\/9.1.0.0 Safari\/540.0\\\u201d,\\\u201dMozilla\/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit\/532.5 (KHTML, like Gecko) Comodo_Dragon\/4.1.1.11 Chrome\/4.1.249.1042 Safari\/532.5\\\u201d,\\\u201dMozilla\/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.16) Gecko\/2009122206 Firefox\/3.0.16 Flock\/2.5.6\\\u201d,\\\u201dMozilla\/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit\/533.1 (KHTML, like Gecko) Maxthon\/3.0.8.2 Safari\/533.1\\\u201d,\\\u201dMozilla\/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko\/20070928 Firefox\/2.0.0.7 Navigator\/9.0RC1\\\u201d,\\\u201dOpera\/9.99 (Windows NT 5.1; U; pl) Presto\/9.9.9\\\u201d,\\\u201dMozilla\/5.0 (Windows; U; Windows 
NT 6.1; zh-HK) AppleWebKit\/533.18.1 (KHTML, like Gecko) Version\/5.0.2 Safari\/533.18.5\\\u201d,\\\u201dSeamonkey-1.1.13-1(X11; U; GNU Fedora fc 10) Gecko\/20081112\\\u201d,\\\u201dMozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident\/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR<\/code><\/pre>\n\n\n\n<p>I wonder if it is a bug in their scanners or they did it on purpose to bypass user agent restrictions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are going to fake a user agent, do it right \ud83d\ude42 Seeing some web scanners faking all possible browsers out there in one single request: Firefox\/3.6 Chrome\/9 Firefox\/3.0 Opera\/9.99? Safari and more.. This is the actual log (searching for vulnerable oscommerce files): I wonder if it is a bug in their scanners or [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/11"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":2,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/11\/revisions"}],"predecessor-version":[{"id":87,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/11\/revisions\/87"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-jso
n\/wp\/v2\/tags?post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}