Trick OS webscanners

[Live Wire]

I was wondering if there is anyway to make a website think im using a different OS? I know about user agent switchers, but are there tools to make you look like, say, win7 instead of ubuntu for example. Thanks

[bubzuru]

I was wondering if there is anyway to make a website think im using a different OS? I know about user agent switchers, but are there tools to make you look like, say, win7 instead of ubuntu for example. Thanks

doesnt the os info get ectracted from the user agent ??

[ande]

doesnt the os info get ectracted from the user agent ??

Yup, change your user-agent and you look like anything you want.

[Live Wire]

i thought the user agent just changed which browser you were using. you can use them to spoof OS to! this changes everything... Thanks guys!

[Kulverstukas]

Well duh... you will have to change the User-Agent on all browsers you have, because if you change on one, the original OS will be shown in the other browser

[Live Wire]

shit, that is in the menu lol im stupid. that makes life easier, thanks

[neusbeer]

well actualy the information (as far as I now it) isn't pulled from
the useragent only.
the browser holds more information vars.
browser info, installed modules/plugins, system, ect
Firefox doesn't use useragent for identifying your os they use a
java script. (example: http://www.quirksmode.org/js/detect.html)
so changing the useragent is not bulletproof (but most sites uses the useragent method - or turn off javascript completely).
There's and old (Very very usefull program! still figuring him out) proxomitron http://www.proxomitron.info/  it's a usefull http-proxy (used a lot for cookie spoofing)




have a look here: http://browserspy.dk/os.php

[Live Wire]

Thanks thats really useful!

[I_Learning_I]

well actualy the information (as far as I now it) isn't pulled from
the useragent only.
the browser holds more information vars.
browser info, installed modules/plugins, system, ect
Firefox doesn't use useragent for identifying your os they use a
java script. (example: http://www.quirksmode.org/js/detect.html)
so changing the useragent is not bulletproof (but most sites uses the useragent method - or turn off javascript completely).
There's and old (Very very usefull program! still figuring him out) proxomitron http://www.proxomitron.info/  it's a usefull http-proxy (used a lot for cookie spoofing)




have a look here: http://browserspy.dk/os.php

Although I understand what you mean you did not explained it correctly, it is not Firefox who tells the website your OS.
Let's see, JavaScript and User-Agent are 2 different ways to recognize the OS and both are completely independent and got nothing to do with the Browser you're using.

Let's start by saying that JS is a CLIENT_SIDE script, which means that no website should grab any information from it, that's just wrong from the website part and can be easily be faked by simply disabling JavaScript or altering the variable, same for cookies.
Leaving us with User-Agent, which has been said is also completely modifiable.

Just a small apart, keep in mind that making yourself pass as a linux when you're in fact using a Windows can give you bad results, simply due to packet fragmentation.
If you've read Nmap book you should have an idea what I'm talking about, I'm not going to go much in detail as it is not that frequent, just saying, it can happen.

but I have a question, your title is Trick OS webscanners, I have to ask, why would you do it?
If the idea is to do a scan to a website and make sure they won't get any information from you, I would be much more worried about IP.
There's also another thing that worries me, but basically because I don't know much about it, which is the possibility of logging in pretty much anywhere with your Facebook and Google account, won't that leave any trace in the website?

[ande]

Although I understand what you mean you did not explained it correctly, it is not Firefox who tells the website your OS.
Let's see, JavaScript and User-Agent are 2 different ways to recognize the OS and both are completely independent and got nothing to do with the Browser you're using.

Let's start by saying that JS is a CLIENT_SIDE script, which means that no website should grab any information from it, that's just wrong from the website part and can be easily be faked by simply disabling JavaScript or altering the variable, same for cookies.
Leaving us with User-Agent, which has been said is also completely modifiable.

Just a small apart, keep in mind that making yourself pass as a linux when you're in fact using a Windows can give you bad results, simply due to packet fragmentation.
If you've read Nmap book you should have an idea what I'm talking about, I'm not going to go much in detail as it is not that frequent, just saying, it can happen.

but I have a question, your title is Trick OS webscanners, I have to ask, why would you do it?
If the idea is to do a scan to a website and make sure they won't get any information from you, I would be much more worried about IP.
There's also another thing that worries me, but basically because I don't know much about it, which is the possibility of logging in pretty much anywhere with your Facebook and Google account, won't that leave any trace in the website?

And this my friends. Is why he is VIP.

[Tsar]

As I_Learning_I says its completely situational, so chances are you won't even need to take it this far, but I will add if you want to spoof as a different OS and not worry about packet fragmentation (I'm not sure how big of a problem that actually is...) you could always use a VM running the OS of your choice and browse from inside. But that would be a more extreme route if you we're truly concerned about web OS scanners (but as I_Learning_I said, there are more important things to worry about..)