[nSLUG] User agent spoofing

Ben Armstrong synrg at sanctuary.nslug.ns.ca
Tue Jan 23 10:56:37 AST 2007


After examining the flash detector I found, I delved into the source of the video page at tsn.ca to try to see what they use.  Their Javascript libraries appear to be contained in the following four files:

http://broadband.tsn.ca/broadband/broadband/scripts/dojo/dojo.js
http://broadband.tsn.ca/broadband/scripts/detect/os_detect.js
http://broadband.tsn.ca/broadband/scripts/detect/flash_detect.js
http://broadband.tsn.ca/broadband/scripts/detect/detect.js

And the detection code in the page itself is:

	var detectResult = doDetect();
	var detectState   = detectResult.detectState;
	var detectDisplay = detectResult.pn;
	document.write('<' + 'script type="text/javascript" language="javascript" src="/broadband/scripts/detect/' + detectDisplay + '">' + '<\/scr' + 'ipt>');

The problem starts in detect.js in function doDetect() here:

                if( ( !os.isMac()) && (!os.isWindows())){
                        detectState =  "os_other";
                        fn      = "error_os_not_support";
                }

As I said, once we figure out the right UserAgent, it shouldn't be hard to come up with patches that will make this work.  There is no "os.isLinux" in os_detect.js.  We'll need one (perhaps based on the other detector code I found -- or maybe we could recommend they switch wholesale to that detector, though that may be a tougher sell).

If anyone would like to pick up where I left off and finish this, feel free.  I didn't have time for anything more than a cursory glance at the code.

Ben
--
 ,-.  nSLUG    http://www.nslug.ns.ca   synrg at sanctuary.nslug.ns.ca
 \`'  Debian   http://www.debian.org    synrg at debian.org
  `          [ gpg 395C F3A4 35D3 D247 1387 2D9E 5A94 F3CA 0B27 13C8 ]
             [ pgp 7F DA 09 4B BA 2C 0D E0 1B B1 31 ED C6 A9 39 4F ]

!DSPAM:45b6225a164011644071672!




More information about the nSLUG mailing list