Welcome to WebmasterWorld Guest from 107.20.122.81

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

OS Detection without Useragent String?

See firefox home page.

     

Sunnz

4:29 pm on Mar 25, 2008 (gmt 0)

5+ Year Member



Hi, first poster here I guess... hope my question isn't too n00bish.

I've been playing around with useragent string lately, because it seems to be the way of detecting user's browser/OS... but it can be very unreliable, as these can be changed very easily with modern web browsers.

But if you look at web sites like www.mozilla.com/firefox, it seems like they are not using the useragent string for OS detection! Today I have modify my useragent string to a non-existing OS and browser, and mozilla.com is still be to detect my real OS!

So I am wondering how did they do that? Is there some other techniques for OS detection? They are not using OS fingerprinting are they?

Thanks.

phranque

1:34 am on Mar 26, 2008 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



have you checked the values of all your sent headers?
cleared your cookies?

vincevincevince

2:11 am on Mar 26, 2008 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Capabilities are far harder to spoof. A simple test is to check if various javascript objects or methods known to only be supported in certain browsers or operating system implementations of those browsers exists.

Sunnz

5:55 am on Mar 26, 2008 (gmt 0)

5+ Year Member



No I haven't checked all values sent... I don't know what to look for...

As for cookies, I used several laptops that has not been to firefox's website... so I think it is irrelevant.

Yes browser capabilities can be used to determinate the browser... but what about the OS? I ran Firefox on different OS's and the mozilla firefox home page can still detect the real OS reliably.

Sunnz

5:56 am on Mar 26, 2008 (gmt 0)

5+ Year Member



I guess the real question is... does anyone know how can you prevent firefox's homepage's OS detection... if you can do that, you would have know what technique they used, right?

phranque

7:32 am on Mar 26, 2008 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



welcome to WebmasterWorld [webmasterworld.com], Sunnz!

have you tried spoofing the user agent AND turning off javascript?

As for cookies, I used several laptops that has not been to firefox's website... so I think it is irrelevant.

it may be irrelevant but if you are redirected to the page you see it isn't technically your first visit...

Achernar

11:49 am on Mar 26, 2008 (gmt 0)

5+ Year Member



They use this technique:

// Borrowed from addons.mozilla.org - thanks :)

var PLATFORM_OTHER = 0;
var PLATFORM_WINDOWS = 1;
var PLATFORM_LINUX = 2;
var PLATFORM_MACOSX = 3;
var PLATFORM_MAC = 4;

// Default to windows
var gPlatform = PLATFORM_WINDOWS;

if (navigator.platform.indexOf("Win32") != -1)
gPlatform = PLATFORM_WINDOWS;
else if (navigator.platform.indexOf("Linux") != -1)
gPlatform = PLATFORM_LINUX;
else if (navigator.userAgent.indexOf("Mac OS X") != -1)
gPlatform = PLATFORM_MACOSX;
else if (navigator.userAgent.indexOf("MSIE 5.2") != -1)
gPlatform = PLATFORM_MACOSX;
else if (navigator.platform.indexOf("Mac") != -1)
gPlatform = PLATFORM_MAC;
else
gPlatform = PLATFORM_OTHER;

Sunnz

11:59 am on Mar 26, 2008 (gmt 0)

5+ Year Member



Well turning off JavaScript does the trick, so they indeed used JavaScript.

And I tried changing the user agent string within my web browser, it indeed seems like what they use! Sometimes I got weird result.

Achernar

1:18 pm on Mar 26, 2008 (gmt 0)

5+ Year Member



The useragent string is only used to detect MacOSX.

Sunnz

1:33 pm on Mar 26, 2008 (gmt 0)

5+ Year Member



Ah, I see, detecting OS can be pretty complicated even with JavaScript?

Achernar

2:37 pm on Mar 26, 2008 (gmt 0)

5+ Year Member



It depend on what information the browser shows to javascript.
Their method is also pretty basic.

On the same front you have browser detection. I've seen most sites, even google, using basic detection that can be spoofed easily by simply changing the user-agent. In fact there are alternative methods to better detect the type of browser. So far, the code I use hasn't reported false positives (100% reliable for FF, IE, Op). I'm sure a solid method can also be devised for OS detection.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month