User Agent Spoofing

When a browser or bot requests a webpage, it sends a User-Agent HTTP header containing a string of text that describes the client. So, if you are using Firefox on Windows to browse the web, it is sending this string of text to every website you visit, where it is visible by the server and any embedded third-party scripts like banner advertising:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0

Fortunately, these things are very easy to change on your end before they are sent out. By the end of this article, you will have learned multiple ways how.

If you can't guess why using your naked User-Agent might be a bad idea during operations, consider the following examples:

• You are committing some kind of crime on the internet. The User-Agent you passed when committing the crime is used as correlating evidence against you in court, after they get a warrant to seize & examine your computer.

• You're using a crude curl or wget script to DDOS someone's website. You've even figured out how to make it look like the attack is coming from multiple addresses, but you never changed the User-Agent. The system administrator who is called in to look at it sees that all these requests are being sent using an obscure command-line utility, blocks your entire network at the firewall level, and then starts warning others about your botnet.

All of these problems could have been avoided by simply manipulating HTTP headers before they are sent out!

If you need valid User-Agent strings to use in your spoofing adventures, here are some resources:

• WhatIsMyBrowser.com has a pretty comprehensive set of pages covering a wide variety of user agents.

Since User-Agent strings are set on the application level, how to spoof it depends on the type of software you are using. If you have multiple programs, you will have to spoof them all individually:

Changing your browser's User-Agent is incredibly simple. Web developers need to make sure their applications work in multiple browsers, and will oftentimes use tools & extensions to change the User-Agent to test for bugs.

This is by no means an exhaustive list, and we have not tried all of these, but it should be enough to get you started:

• https://addons.mozilla.org/en-US/firefox/addon/chrome-mask/
• https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/
• https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/
• https://addons.mozilla.org/en-US/firefox/addon/random_user_agent/

By default, curl sends a User-Agent string in the format curl/X.Y.Z, where X.Y.Z represents the version of curl installed on your system. For example, curl/8.4.0. There are several ways you can pass custom User-Agent strings:

Use the -a flag to directly set the User-Agent:

$ curl -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0" https://example.com

You can make up an entirely custom User-Agent as well. Be forewarned however that it works better if you set one that lets you blend in with the crowd:

$ curl --user-agent "MyCustomAgent/1.0" https://example.com

Use the –user-agent flag, which works the same way as -a:

$ curl --user-agent "MyCustomAgent/1.0" https://example.com

Since the User-Agent is passed as an HTTP header, you can also change the User-Agent by using t -H flag, which lets you manipulate headers:

$ curl -H "User-Agent: MyCustomAgent/1.0" https://example.com

To spoof the User-Agent in Newsboat, add the following line to your .config/newsboat/config file:

user-agent "MyCustomAgent/1.0"

By default, Wget sends a User-Agent string in the format Wget/X.Y.Z, where X.Y.Z represents the installed version of Wget. For example, if you have Wget version 1.21.4, the default User-Agent would be Wget/1.21.4.

To set a custom User-Agent, use the -u or –user-agent flags:

$ wget --user-agent="MyCustomAgent/1.0" https://example.com

For more information on how to use wget, read the Wget article.