A lot of anonymity does not happen - hide User-Agent

    The next attack of paranoia was quite justified - it came after reading an article on methods of anonymity on the network , where the author, using the FireFox browser as an example, talked about potential leaks of identification information. And it became interesting - how much of the announced solutions apply, say, to the Google Chrome browser ?
    Hide real IP - use different VPN servers, disable the lion's share of tracking scripts - Adblock Plus and Ghostery , remove Referer - no question, they forgot something else ... Oh yes - User-Agent is a kind of “fingerprint” by which (in conjunction, say, with IP) it is easy to identify the user. And something had to be done with this. The solutions found only statically changed the value of the User-Agent, which was clearly not enough. Then it was decided to write a plugin to hide the real User-Agent, and to be more precise - to replace it with a random one. Or almost random.

    For the impatient right away: GitHub sources and an extension to Google Webstore .



    Bit of theory


    In general, User-Agent (hereinafter referred to as UA ) is a necessary thing. First of all, it is necessary for the correct display of pages, because we all know that different versions of different browsers render pages differently, and caring web-programmers take this fact into account, giving the necessary browsers the necessary scripts and styles. Support for available technologies by engines varies. This implies the first requirement for the outcome - the ability to "simulate" different browsers, and most importantly - to be able to choose between them.
    UA is first and foremost a set. A set of different identifiers, by which the determination is made - which browser, which operating system, which version, and what specific software (hello, IE) the user has.
    Why exactly IP andUA must be hidden first? And let's look at the log of an empty stub site on which there is nothing at all:

    [meow@hosting /var/log]$ cat somesite.org.access_log | tail -3
    10.12.11.254 - - [25/Jul/2014:15:51:16 +0700] "GET / HTTP/1.0" 200 5768 "-""Mozilla/5.0 (compatible; MJ12bot/v1.4.5; http://www.majestic12.co.uk/bot.php?+)"
    10.12.11.254 - - [25/Jul/2014:15:57:38 +0700] "GET / HTTP/1.0" 200 5768 "-""Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"
    10.12.11.254 - - [25/Jul/2014:19:19:25 +0700] "GET / HTTP/1.0" 200 5768 "-""Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0"


    There is nothing on the site, but I know about the visitor more than enough. All because "the logs know everything" ©.

    A bit of practice


    So, it was decided - we substitute the fake UA . But how to form it? I went along the path of collecting from a dozen UAs of each browser of interest, and writing a regular for each that will generate the most plausible and at the same time, and to some extent unique, fingerprint. Want an example? Here you have 10 UA browser “IE 9”, and among them are five real ones. Can you tell?

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; chromeframe/12.0.742.112)
    Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 6.0; Win64; x64; Trident/5.0; .NET CLR 3.8.50799; Media Center PC 6.0; .NET4.0E)
    Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 8.1; Trident/5.0; .NET4.0E; en-AU)
    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0)
    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 8.0; WOW64; Trident/5.0; .NET CLR 2.7.40781; .NET4.0E; en-SG)
    Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 8.0; Win64; x64; Trident/5.0; .NET4.0E; en)
    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0)
    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Zune 4.0; Tablet PC 2.0; InfoPath.3; .NET4.0C; .NET4.0E)
    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.0; Trident/5.0; .NET CLR 2.2.50767; Zune 4.2; .NET4.0E)
    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0

    Yes, it is possible, but it needs to be analyzed. Analyze, for example, which .net can stand on which OS, analyze versions and combinations, nuances. When they get lost in a heap, the task becomes little trivial. Who cares what the regulars look like - welcome to this link . The generation day was used by randexp.js (thanks for the hint to Habrachuvak under the nickname barkalov ).

    In general, the extension successfully impersonates the following browsers:
    • IE 6 to 10;
    • Chrome (Win / Mac / Linux);
    • Firefox (Win / Mac / Linux);
    • Safari (Win / Mac / Linux);
    • Opera (Win / Mac / Linux);
    • iPad and iPhone.

    What else is interesting? Automation . You tick off which browsers we simulate, check the box “Update automatically”, specify the time interval, and forget. Nothing extra. For the curious - look at the “background page” in the console - everything is not badly secured there.

    Open source. If there is a desire to finish for yourself, all that is needed is:
    1. Open the extension link on the github;
    2. Click "Download Zip" or clone;
    3. On the extensions page, put the checkbox “Developer mode”;
    4. Click "Download unpacked extension ..." and specify the path to the unpacked archive or clone;

    I would greatly appreciate constructive criticism and suggestions.

    Better to see once: Google Webstore

    Change history

    • 1.5 - Added exceptions, now it’s fashionable to add some URLs to the “white list”, and nothing will be substituted for them


    Good links:


    Also popular now: