[nSLUG] User agent spoofing

Oliver Doepner odoepner at gmail.com
Mon Jan 22 11:29:00 AST 2007


I have just tried to access the infamous "Login to Business Centre" at 
Canada Post again. The site tries to detect the browser based on the 
user agent string and apparently it only allows IE and Netscape on 
Windows OS.

Good news: It can be tricked using user agent spoofing.
Bad news: I could only make it work in Konqueror.

Here are my results for Konqueror, Opera and Firefox:


With the default Konqueror user agent string I get redirected to their 
forbidding "browser error" page:


I configured Konqueror's "Browser Identification" setting for the site 
sso-cal.canadapost-postescanada.ca to "Internet Explorer 6 on Windows 
XP" and was admitted to login.

The literal user agent string that Konqueror used was "Mozilla/4.0 
(compatible; MSIE 6.0; Windows NT 5.1)".


With Opera there is no option to spoof the OS part of the user agent or 
even specify a completely user-defined string. All I could do in my 
Opera 9.02 was the following:

Identify as Internet Explorer:
Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 9.02

Mask as Internet Explorer:
Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en)

Both times the OS would still be X11 on Linux and I was not allowed to 
enter the site.


Firefox has no feature for setting the user agent on a per site basis. 
There is a about:config setting "general.useragent.override" to globally 
change the user agent string, though.

I set it to the same string that worked in Konqueror and the but for 
some reason I could not make it work.


Oliver Doepner


More information about the nSLUG mailing list