phranque
msg:3610661 | 1:34 am on Mar 26, 2008 (gmt 0) |
have you checked the values of all your sent headers?
cleared your cookies?
|
vincevincevince
msg:3610690 | 2:11 am on Mar 26, 2008 (gmt 0) |
Capabilities are far harder to spoof. A simple test is to check if various javascript objects or methods known to only be supported in certain browsers or operating system implementations of those browsers exists.
|
Sunnz
msg:3610790 | 5:55 am on Mar 26, 2008 (gmt 0) |
No I haven't checked all values sent... I don't know what to look for... As for cookies, I used several laptops that has not been to firefox's website... so I think it is irrelevant. Yes browser capabilities can be used to determinate the browser... but what about the OS? I ran Firefox on different OS's and the mozilla firefox home page can still detect the real OS reliably.
|
Sunnz
msg:3610791 | 5:56 am on Mar 26, 2008 (gmt 0) |
I guess the real question is... does anyone know how can you prevent firefox's homepage's OS detection... if you can do that, you would have know what technique they used, right?
|
phranque
msg:3610835 | 7:32 am on Mar 26, 2008 (gmt 0) |
welcome to WebmasterWorld [webmasterworld.com], Sunnz! have you tried spoofing the user agent AND turning off javascript? | As for cookies, I used several laptops that has not been to firefox's website... so I think it is irrelevant. |
|
it may be irrelevant but if you are redirected to the page you see it isn't technically your first visit...
|
Achernar
msg:3610942 | 11:49 am on Mar 26, 2008 (gmt 0) |
They use this technique: | // Borrowed from addons.mozilla.org - thanks :) var PLATFORM_OTHER = 0;
var PLATFORM_WINDOWS = 1;
var PLATFORM_LINUX = 2;
var PLATFORM_MACOSX = 3;
var PLATFORM_MAC = 4; // Default to windows
var gPlatform = PLATFORM_WINDOWS; if (navigator.platform.indexOf("Win32") != -1)
gPlatform = PLATFORM_WINDOWS;
else if (navigator.platform.indexOf("Linux") != -1)
gPlatform = PLATFORM_LINUX;
else if (navigator.userAgent.indexOf("Mac OS X") != -1)
gPlatform = PLATFORM_MACOSX;
else if (navigator.userAgent.indexOf("MSIE 5.2") != -1)
gPlatform = PLATFORM_MACOSX;
else if (navigator.platform.indexOf("Mac") != -1)
gPlatform = PLATFORM_MAC;
else
gPlatform = PLATFORM_OTHER; |
|
|
Sunnz
msg:3610950 | 11:59 am on Mar 26, 2008 (gmt 0) |
Well turning off JavaScript does the trick, so they indeed used JavaScript. And I tried changing the user agent string within my web browser, it indeed seems like what they use! Sometimes I got weird result.
|
Achernar
msg:3611004 | 1:18 pm on Mar 26, 2008 (gmt 0) |
The useragent string is only used to detect MacOSX.
|
Sunnz
msg:3611016 | 1:33 pm on Mar 26, 2008 (gmt 0) |
Ah, I see, detecting OS can be pretty complicated even with JavaScript?
|
Achernar
msg:3611080 | 2:37 pm on Mar 26, 2008 (gmt 0) |
It depend on what information the browser shows to javascript.
Their method is also pretty basic. On the same front you have browser detection. I've seen most sites, even google, using basic detection that can be spoofed easily by simply changing the user-agent. In fact there are alternative methods to better detect the type of browser. So far, the code I use hasn't reported false positives (100% reliable for FF, IE, Op). I'm sure a solid method can also be devised for OS detection.
|
|
