
Website Analytics - Tracking and Logging Forum

    
OS Detection without Useragent String?
See firefox home page.
Sunnz




msg:3610163
 4:29 pm on Mar 25, 2008 (gmt 0)

Hi, first poster here I guess... hope my question isn't too n00bish.

I've been playing around with useragent string lately, because it seems to be the way of detecting user's browser/OS... but it can be very unreliable, as these can be changed very easily with modern web browsers.

But if you look at web sites like www.mozilla.com/firefox, it seems like they are not using the useragent string for OS detection! Today I modified my useragent string to a non-existing OS and browser, and mozilla.com is still able to detect my real OS!

So I am wondering how they did that? Are there some other techniques for OS detection? They are not using OS fingerprinting, are they?

Thanks.

 

phranque




msg:3610661
 1:34 am on Mar 26, 2008 (gmt 0)

have you checked the values of all your sent headers?
cleared your cookies?

vincevincevince




msg:3610690
 2:11 am on Mar 26, 2008 (gmt 0)

Capabilities are far harder to spoof. A simple test is to check if various javascript objects or methods known to only be supported in certain browsers or operating system implementations of those browsers exist.

Sunnz




msg:3610790
 5:55 am on Mar 26, 2008 (gmt 0)

No I haven't checked all values sent... I don't know what to look for...

As for cookies, I used several laptops that have not been to firefox's website... so I think it is irrelevant.

Yes, browser capabilities can be used to determine the browser... but what about the OS? I ran Firefox on different OS's and the mozilla firefox home page can still detect the real OS reliably.

Sunnz




msg:3610791
 5:56 am on Mar 26, 2008 (gmt 0)

I guess the real question is... does anyone know how you can prevent firefox's homepage's OS detection... if you can do that, you would know what technique they used, right?

phranque




msg:3610835
 7:32 am on Mar 26, 2008 (gmt 0)

welcome to WebmasterWorld [webmasterworld.com], Sunnz!

have you tried spoofing the user agent AND turning off javascript?

"As for cookies, I used several laptops that have not been to firefox's website... so I think it is irrelevant."

it may be irrelevant but if you are redirected to the page you see it isn't technically your first visit...

Achernar




msg:3610942
 11:49 am on Mar 26, 2008 (gmt 0)

They use this technique:

// Borrowed from addons.mozilla.org - thanks :)

var PLATFORM_OTHER = 0;
var PLATFORM_WINDOWS = 1;
var PLATFORM_LINUX = 2;
var PLATFORM_MACOSX = 3;
var PLATFORM_MAC = 4;

// Default to windows
var gPlatform = PLATFORM_WINDOWS;

if (navigator.platform.indexOf("Win32") != -1)
    gPlatform = PLATFORM_WINDOWS;
else if (navigator.platform.indexOf("Linux") != -1)
    gPlatform = PLATFORM_LINUX;
else if (navigator.userAgent.indexOf("Mac OS X") != -1)
    gPlatform = PLATFORM_MACOSX;
else if (navigator.userAgent.indexOf("MSIE 5.2") != -1)
    gPlatform = PLATFORM_MACOSX;
else if (navigator.platform.indexOf("Mac") != -1)
    gPlatform = PLATFORM_MAC;
else
    gPlatform = PLATFORM_OTHER;


Sunnz




msg:3610950
 11:59 am on Mar 26, 2008 (gmt 0)

Well turning off JavaScript does the trick, so they indeed used JavaScript.

And I tried changing the user agent string within my web browser, and it indeed seems like what they use! Sometimes I got weird results.

Achernar




msg:3611004
 1:18 pm on Mar 26, 2008 (gmt 0)

The useragent string is only used to detect MacOSX.
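
Added example, not part of any post in this thread and not Mozilla's code: the checks from the snippet posted earlier, rewritten as a function over a navigator-like object so the order of the checks can be run against constructed values. `osFamily` and `compareClaims` are hypothetical helpers for an analytics script, and the example assumes a user-agent override changes `navigator.userAgent` but leaves `navigator.platform` alone.

```javascript
// Added example: constants and check order follow the snippet posted in the thread.
const PLATFORM_OTHER = 0, PLATFORM_WINDOWS = 1, PLATFORM_LINUX = 2,
      PLATFORM_MACOSX = 3, PLATFORM_MAC = 4;

// nav: any object with `platform` and `userAgent` strings (window.navigator in a browser).
function detectPlatform(nav) {
  const platform = String(nav.platform || "");
  const ua = String(nav.userAgent || "");
  if (platform.includes("Win32")) return PLATFORM_WINDOWS;
  if (platform.includes("Linux")) return PLATFORM_LINUX;
  // Only from here on does the user-agent string influence the result.
  if (ua.includes("Mac OS X")) return PLATFORM_MACOSX;
  if (ua.includes("MSIE 5.2")) return PLATFORM_MACOSX;
  if (platform.includes("Mac")) return PLATFORM_MAC;
  return PLATFORM_OTHER;
}

// Hypothetical helper: coarse OS family named by either string, or null.
function osFamily(s) {
  if (/Windows|Win32|Win64/.test(s)) return "windows";
  if (/Mac/.test(s)) return "mac";
  if (/Linux|X11/.test(s)) return "linux";
  return null;
}

// Hypothetical helper for analytics: do the two sources agree?
function compareClaims(nav) {
  const fromPlatform = osFamily(String(nav.platform || ""));
  const fromUa = osFamily(String(nav.userAgent || ""));
  if (!fromPlatform || !fromUa) return "unknown";
  return fromPlatform === fromUa ? "consistent" : "mismatch";
}

// Constructed sample values, not captured from real browsers.
const samples = {
  linuxFakeUa: { platform: "Linux i686", userAgent: "FakeBrowser/1.0 (FakeOS 9.9)" },
  winClaimsMac: { platform: "Win32", userAgent: "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US)" },
  macHonest: { platform: "MacIntel", userAgent: "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US)" },
  macFakeUa: { platform: "MacIntel", userAgent: "FakeBrowser/1.0 (FakeOS 9.9)" },
};

for (const [name, nav] of Object.entries(samples)) {
  console.log(name, detectPlatform(nav), compareClaims(nav));
}
```

With the user agent overridden, the Windows and Linux samples still resolve from `navigator.platform`; only the Mac sample changes, from `PLATFORM_MACOSX` to `PLATFORM_MAC`.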

Sunnz




msg:3611016
 1:33 pm on Mar 26, 2008 (gmt 0)

Ah, I see, detecting OS can be pretty complicated even with JavaScript?

Achernar




msg:3611080
 2:37 pm on Mar 26, 2008 (gmt 0)

It depends on what information the browser shows to javascript.
Their method is also pretty basic.

On the same front you have browser detection. I've seen most sites, even google, using basic detection that can be spoofed easily by simply changing the user-agent. In fact there are alternative methods to better detect the type of browser. So far, the code I use hasn't reported false positives (100% reliable for FF, IE, Op). I'm sure a solid method can also be devised for OS detection.
