Home page logo

fulldisclosure logo Full Disclosure mailing list archives

From: "{tonyFelice}" <tony () breckcomm com>
Date: Sat, 17 Jul 2004 17:25:29 -0600

It is possible to append information to the user-agent using gpedit.msc
(group policy editor).  This information will then reside in the
HKLM>software>MS>win>currver>inetset>useragent>postplatform.  In this case,
however, the main information about the browser is still intact.

Example: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; <your string
here>; .NET CLR 1.1.4322)

The question is: what type of info are you trying to conceal, as the
user-agent contains very little _sensitive_ info.  Anonymous browsing would
require spoofing or hiding the IP address, which is not contained in the
user-agent.  If you are concerned that sites attempting to exploit the IE
vulnerabilities (patched or not) would be able to attack you based on this
string, it would be advisable to simply use another browser.

In any event, it should be available to you at
HKCU>software>MS>win>currver>inetset, which is the same folder that holds
that Zones.  I am not certain that changing this setting will suffice,

From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Gabriel
Sent: Saturday, July 17, 2004 3:40 PM
To: Full Disclosure
Subject: [Full-disclosure] IE

i am qurious if a regedit setting exist in order to alter the user agent of
the browser 
and to conseal info.
Thank you

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • IE Gabriel Alexadros (Jul 17)
    • Re: IE morning_wood (Jul 17)
    • RE: IE {tonyFelice} (Jul 18)
  • (Thread continues...)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]