Spoofing your info via browser.

[Detector]

I am looking for info on how web sites obtain OS, browser, IP type info, and how one might write a VB app to spoof this info. Can this be done? Can it be done while still using IE, or would a custom browser be better? Is there a limitation on the OS used to be able to spoof this info? Any direction or examples would be greatly appreciated.

Thanks!

[cjard]

all the information is available via scripting commands. i fail to understand what you mean by "spoof this via vb" - are you writing a a vb app to be a web browser, that will lie about its host system, type and capabilities?

[Detector]

Actually it's a 'Honey Pot' type software. I want to be able to entice would-be hackers via say message boards, and report back spoofed info. If possible, I would like to be able to spoof my IP so that when they go to the 'Who's on-line' it would not show my firewall, but the IP I want them to probe. But the IP spoof is not so important as browser/OS info.

Is writing a custom browser the best way to spoof such info?

Thanks!

[cjard]

Originally posted by Detector
Actually it's a 'Honey Pot' type software. I want to be able to entice would-be hackers via say message boards, and report back spoofed info. If possible, I would like to be able to spoof my IP so that when they go to the 'Who's on-line' it would not show my firewall, but the IP I want them to probe. But the IP spoof is not so important as browser/OS info.

Is writing a custom browser the best way to spoof such info?

Thanks!

you cant. the web browser that deals with the bulletin board software gets your IP address from the last host it knows about.

even if you write some proxy software to sit on your machine and lie about the client-ip, it is likely that the board software will be dumb enough to simply report the proxy's ip address.. i.e., your ip address.

if we use a header reporter like:

http://www.ericgiguere.com/tools/htt...er-viewer.html

and we use a proxy, we see there is an extended header there: x-forwarded-for

as this is an X header, software it not obliged to understand or take notice of it. it is, however, it does contain my ip address, depsite the fact that I am using a proxy in austria (thanks to whomever may be the host)

thus, there is only one thing to do, in order to write this spoof; generate a VB program that tells lies when it sends an x-forwarded-for header but bear in mind that there is absolutely no guarantee that the board software will take any notice of the header itself; it may well go and get your ip address from the socket that is connected to you, in which case, your vb spoofer wont be much use..

is this enough info?

[cjard]

browser/os info is a function of the User-Agent: header

information on the formation of user-agent for mozilla based browsers is found here:

http://www.mozilla.org/build/revised...t-strings.html

there are no guarantees that IE obey this, though they seem to

more information may be found from doingn a simple "user-agent" query on google

[Detector]

Thanks cjard, that is just what I was looking for. So how about through the packet itself using Wincap, is it possible to intercept, implant and pass on the desired info?

[cjard]

i dont know about that one, to be honest, because im not sure how much the board cares about sending information to you.. if you were to make a posting and spoof your IP address, your computer would naturally fail to receive any data, but it may be sufficient simply to emit the POST request, bound up in spoofed packets, and the board will make the posting, with that IP. To see your posting, and indeed to operate the boards, you will need to use your real IP..

perhaps you could write a proxy that uses your real ip address for get requests, but uses a wincap spoofed ip for POST requests. im not familiar with wincap, however, so i decline to comment on the feasibility of such an operation

[cjard]

dont forget that boards use cookies or maybe your known ip address to store details related to your online session. those details must also be passed on otherwise the board will log you out

[Detector]

Much thanks again.