WebApp Sec mailing list archives
user agent string database
From: "Robin Wood" <dninja () gmail com>
Date: Sat, 4 Oct 2008 10:33:45 +0100
2008/10/4 Dave Ferguson <gmdavef () gmail com>:
"sbcydsl" looks like the AT&T (formerly SBC) Yahoo-branded browser for DSL customers. And "YPC" is probably Yahoo Parental Controls. Not too exciting. sorry
It could be exciting if you found a vulnerability in the Yahoo Parental Control, or you knew that a toolbar included with the branded browser had problems. Then you would be able to target specific exploits at that user. Most of the exploits I've seen just work out browser version (IE 6, 7 etc), this would allow more fine grained targetting. Robin
On Thu, Oct 2, 2008 at 7:11 PM, Robin Wood <dninja () gmail com> wrote:2008/10/3 Serg B <sergeslists () gmail com>:http://www.pgts.com.au/pgtsj/pgtsj0208c.htmlClose but not quiet, first, looking at the section with MSIE, it was last updated "03-Apr-2005 18:06 GMT", second, what I'm after is a breakdown of the whole string, not just what the browser is, so from: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; YPC 3.0.3; sbcydsl 3.12; FunWebProducts; Alexa Toolbar) What is sbcydsl 3.12? I'm thinking of putting a site together which breaks the string down into its component parts and reports back on each of them if it knows, so for this you'd get: MSIE 6.0 = IE 6 Windows NT 5.0 = windows 2000 YPC 3.0.3 = Don't know etc Does anyone think this would be useful? I can easily write a site to do this which will accept new data, the only problem will be populating it, there I would need your help. RobinEnjoy On Thu, Oct 2, 2008 at 6:34 PM, Robin Wood <dninja () gmail com> wrote:Hi Can anyone recommend a good, up-to-date, searchable UA database? I've just googled a few but the ones I've found have either been out of date or just long lists of known ones with no real descriptions of what they relate to. I'm after something that will take a string such as: "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" and suggest what browser, OS, service pack/patch level and what extras they have installed. I know that it can't be 100% accurate and some parts are obvious (e.g. browser) but it would be nice to just throw the string into something and have a description come back. If it doesn't exist, would anyone else find it useful? Building a system to do this wouldn't be too hard, it would be populating it that would take some time and effort. Robin ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- user agent string database Robin Wood (Oct 02)
- Re: user agent string database Serg B (Oct 02)
- Re: user agent string database Robin Wood (Oct 02)
- Re: user agent string database Gregory Rubin (Oct 03)
- Re: user agent string database Robin Wood (Oct 03)
- Re: user agent string database Dee (Oct 03)
- Re: user agent string database Dave Ferguson (Oct 08)
- Message not available
- user agent string database Robin Wood (Oct 08)
- Re: user agent string database Robin Wood (Oct 02)
- Re: user agent string database Serg B (Oct 02)