
auxiliary enum user_agent_test

cktricky edited this page Apr 12, 2011 · 2 revisions

Author(s):

CG, Mubix, ChrisJohnRiley

Description:

This is a port of ChrisJohnRiley's UAtester. First we send three requests to ensure we are getting the same results back each time. Assuming we do, we iterate through our list of User-Agent strings and print any HTTP Response Headers that have changed.

Module Options:

BASELINE   true               true       Enables baseline checks for same Content-Length for same User-Agent requests
PROXYA                        false      Proxy IP Address
PROXYP                        false      Proxy Port Number
RURL       http://www.ex...   true       Target address

Options Explained (Module Specific):

BASELINE -- If enabled, 3 requests are sent first to verify that we can obtain a stable baseline request/response. The responses to the more unusual User-Agent strings (odd, malicious, mobile or otherwise) sent to the Remote URL (RURL) are then compared against that baseline.
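
The comparison described above (baseline check on Content-Length, then a per-User-Agent header diff) can be sketched as follows. This is an added example, not the module's own code; it runs over constructed responses rather than live traffic, and the method names, the ignored-header list and the sample User-Agent strings and header values are assumptions.

```ruby
# Added illustration, not wXf module code; runs offline on constructed header hashes.

# Headers that differ on every request and would hide real changes (assumption).
VOLATILE = %w[date set-cookie].freeze

# Header names are case-insensitive, so compare them lower-cased.
def normalize(headers)
  headers.each_with_object({}) { |(k, v), h| h[k.downcase] = v.to_s.strip }
end

# BASELINE check: the same User-Agent must yield the same Content-Length each time.
def stable_baseline?(responses)
  lengths = responses.map { |r| normalize(r)['content-length'] }
  !lengths.include?(nil) && lengths.uniq.size == 1
end

# Returns { header => [baseline_value, new_value] } for added, removed or changed headers.
def changed_headers(baseline, response)
  base = normalize(baseline)
  cur = normalize(response)
  (base.keys | cur.keys).reject { |k| VOLATILE.include?(k) }.sort.each_with_object({}) do |k, diff|
    diff[k] = [base[k], cur[k]] unless base[k] == cur[k]
  end
end

# Runs the whole comparison; returns nil when the baseline itself is unstable,
# because a diff against a moving baseline would only report noise.
def ua_report(baseline_runs, by_user_agent)
  return nil unless stable_baseline?(baseline_runs)
  by_user_agent.each_with_object({}) do |(ua, resp), out|
    diff = changed_headers(baseline_runs.first, resp)
    out[ua] = diff unless diff.empty?
  end
end

# Constructed sample data (hypothetical User-Agent names and header values).
BASE = { 'Content-Type' => 'text/html', 'Content-Length' => '5120', 'Server' => 'nginx' }.freeze
BASELINE_RUNS = (0..2).map { |s| BASE.merge('Date' => "Tue, 12 Apr 2011 10:00:0#{s} GMT") }.freeze
SAMPLES = {
  'ExampleBrowser/1.0' => BASE.merge('date' => 'Tue, 12 Apr 2011 10:00:03 GMT'),
  'ExampleMobile/1.0'  => BASE.merge('Content-Length' => '2048', 'Vary' => 'User-Agent'),
  'ExampleCrawler/1.0' => { 'Content-Type' => 'text/html', 'Content-Length' => '162' }
}.freeze

ua_report(BASELINE_RUNS, SAMPLES).each do |ua, diff|
  diff.each { |h, (was, now)| puts "#{ua}: #{h}: #{was.inspect} -> #{now.inspect}" }
end
```

A header reported with a `nil` on either side was added or removed for that User-Agent, which on your own site is a quick way to confirm that a mobile redirect or WAF rule fires only where intended.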

Real world example:

We'd like to determine if www.example.com has a mobile version of the site, a WAF, etc., so we decide to test its reaction to various User-Agent(s). Additionally, we'd like to send everything through an intercepting proxy. The following is an example:

set PROXYA 127.0.0.1
set PROXYP 8080
set RURL http://www.example.com

Note: We've not 'set BASELINE true' because by default BASELINE is set to true.
