Nmap Development mailing list archives
Re: [NSE] http-mobileversion-checker.nse
From: blake () marigoldtech com
Date: Tue, 6 Aug 2013 17:49:32 +0700
The attached script sets an Android User-Agent header and checks if the website will redirect to a mobile-version. If it does, it also checks if this version lies within the target host.Very nice, George and Patrick! It's a clever script idea. You might consider adding another sentence or two about how this works to the description. Right now you have more information in comments, but users aren't as likely to see those. It is starting me wondering what other user agents might trigger different pages. For example, some sites might give different pages if you pretend to be a Google crawler.
The vast majority of sites will behave exactly the same way regardless of the changes in the User Agent string, but those that do 'adapt' to changes represent an intriguing subset consisting of rather sophisticated websites. As fodder for more ideas along these lines, additional User Agent modifications can include other devices such as: iPad, iPhone, Blackberry, Android, Windows clients, Mac OSX clients, *nix clients, lynx, cURL, GoogleBot, BingBot, etc. One can also modify the language in the User Agent string to determine if the site is coded for language detection and even determining which language the site 'speaks' by testing a list of different languages. Finally, given the resources, the originating IP address can potentially come from different parts of the globe to determine to what extent the site leverages localization. There is a handy tool that pings an IP address or host from over 50 monitoring stations globally. If the host IP changes, then that is an indication that the site has localization capabilities. If the target IP address remains the same...well it should be obvious what that means: http://cloudmonitor.ca.com/en/ping.php? _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-mobileversion-checker.nse George Chatzisofroniou (Jul 28)
- Re: [NSE] http-mobileversion-checker.nse Fyodor (Aug 06)
- Re: [NSE] http-mobileversion-checker.nse blake (Aug 06)
- Re: [NSE] http-mobileversion-checker.nse George Chatzisofroniou (Aug 09)
- Re: [NSE] http-mobileversion-checker.nse George Chatzisofroniou (Aug 10)
- Re: [NSE] http-mobileversion-checker.nse Fyodor (Aug 06)