If you are the kind of person that uses different browsers or different devices to access websites, you may have noticed that many sites can look quite different depending on which browser you are using. When your browser sends a request to a website, it identifies itself with the user agent string before it retrieves the content you’ve requested. The data in the user agent string help the website to deliver the content in a format that suits your browser. Even though depending on user agents alone is no longer enough to optimize a website, they are still an important source of information.
How can I find mine?
If you want to check the user agent you are broadcasting to websites you visit, have a look here: http://ip.it-mate.co.uk/. Along with the user agent identification, the browser sends information about the device and the network that the user is on, like the IP address. That information is responsible for the first 3 lines of information on that site. But the 4th line is the one showing your user agent string. The strings can be confusing if you try to read them yourself. For example, for historical reasons, almost every web bbrowser identifies itself as a Mozilla browser.
Not only browsers utilize a user agent. The same is true for email clients and other programs that display website content. A very different type of user agent strings can be found that are in use by crawlers. This will grant access to certain parts of sites that are restricted for regular users, but on other sites the same crawler may be blocked as a whole.
For the breakdown we will concentrate on user agents that can be expected to be web browsers operated by humans. For these browsers the format of the user agent string is:
Mozilla/[version] ([system and browser information]) [platform] ([platform details]) [extensions]
Since Opera, who were the last to adapt to this standard, also started using the Mozilla user agent string, every popular browser uses this and will start the user agent string with Mozilla and the version number. Where Mozilla/5.0 is the latest version. The platform and platform details is where you can tell the difference between browsers. Some browser extensions are noted in the user agent string if they need certain content to be rendered in a specific way.
Is it a problem to give out this information?
To be honest, it’s a bigger problem not giving it away most of the times. Of course sites with malicious intentions can use this information to deliver specific exploits that have a bigger chance of working on your system. But there are more refined ways to do this, that get far more useful information. Also, it is not that hard to adapt your user agent string, so if you want to mislead the webserver that is not very hard either.
More information about the breakdown
Chrome User Agent explained, breaks down your user string and explains all the elements. Intended for Chrome, but it does explain big parts of other user agents as well.
This is a Security Bloggers Network syndicated blog post authored by Pieter Arntz. Read the original post at: Malwarebytes Labs