Nmap Development mailing list archives
Re: Default user agent patch
From: David Fifield <david () bamsoftware com>
Date: Tue, 22 Mar 2011 17:38:55 -0700
On Wed, Mar 23, 2011 at 12:22:10AM +0100, Hani Benhabiles wrote:
Hi list, I've noticed that in the http nselib the default user agent is hard coded as "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)" this could be easily detected by an IDS/IPS. I've attached a patch that changes it to the user agent pfa Firefox 3.6 web browser on a Windows 7 machine. This would make the http traffic generated look more authentic.
Thanks for taking the time to write a patch. The User-Agent was consciously chosen to include "Nmap Scripting Engine". Not every user of NSE is trying to evade an IDS, and any other static string we may use is just as easy to block. If anyone needs to change it, they should use the http.useragent script argument, as documented at http://nmap.org/nsedoc/lib/http. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Default user agent patch Hani Benhabiles (Mar 22)
- Re: Default user agent patch David Fifield (Mar 22)