Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Default user agent patch
From: David Fifield <david () bamsoftware com>
Date: Tue, 22 Mar 2011 17:38:55 -0700

On Wed, Mar 23, 2011 at 12:22:10AM +0100, Hani Benhabiles wrote:
Hi list,

I've noticed that in the http nselib the default user agent is hard coded as
"Mozilla/5.0 (compatible; Nmap Scripting Engine;
http://nmap.org/book/nse.html)"
this could be easily detected by an IDS/IPS.

I've attached a patch that changes it to the user agent pfa Firefox 3.6 web
browser on a Windows 7 machine.
This would make the http traffic generated look more authentic.

Thanks for taking the time to write a patch. The User-Agent was
consciously chosen to include "Nmap Scripting Engine". Not every user of
NSE is trying to evade an IDS, and any other static string we may use is
just as easy to block.

If anyone needs to change it, they should use the http.useragent script
argument, as documented at http://nmap.org/nsedoc/lib/http.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]