Browser spoofing

Mantra · 08-06-2021, 05:08 AM

Hi, I'm trying to use Seamonkey, but some sites only want Firefox or Chrome, and seem to be using some other method than the useragent string to detect it - any ideas how to work around this?

shruggy · 08-06-2021, 05:29 AM

Are you sure it's really not User Agent? SeaMonkey uses the same web engine as Firefox, I don't think it would be easy for websites to tell them apart by any other means. Moreover, what would be the purpose of a website going to great lengths in order to distinguish between SeaMonkey and Firefox?

Perhaps, the SeaMonkey you're using just happens to be of much older version than Firefox?

Mantra · 08-06-2021, 06:32 AM

No, I'm not sure, but I've tried spoofing the useragent with a FF 90 string and it still says outdated browser - maybe I had the strings wrong though - will post here in a sec

Mantra · 08-06-2021, 06:33 AM

This is the string I used (in general.useragent.override) and it gave the same error: "Mozilla/5.0 (X11; Linux; x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"

boughtonp · 08-06-2021, 07:24 AM

Have you restarted the browser - I've noticed useragent overriding can be cached after first change. Check F12 > Network tab to confirm whether the value being sent matches your config.

If a site uses a server-side check to generate a HTML message, you can grep the output of curl to identify an [un]accepted value before making the actual change:

Code:

curl -LSs -A 'INSERT_USERAGENT_HERE' 'INSERT_URL_HERE' | grep -i browser

Unfortunately, many sites instead will always output the HTML then use JavaScript to hide/show it, so can't always do that. (It's probably more common that sites with bloated HTML and bloated JavaScript that can't be arsed to do basic graceful degradation and so show such messages.)

onebuck · 08-06-2021, 07:43 AM

Hi,

Quote:

Originally Posted by Mantra

This is the string I used (in general.useragent.override) and it gave the same error: "Mozilla/5.0 (X11; Linux; x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"

You can use this site to check the user agent; https://www.whatismybrowser.com/dete...-my-user-agent

Hope this helps.

Mantra · 08-06-2021, 07:44 AM

Yes, restarted the browser (although Seamonkey doesn't seem to cache it - reloading a page such as https://gs.statcounter.com/detect shows the updated value immediately).

Not sure it affects the actual detection, but it seems to be handled with a redirect (the page in question is https://trader.degiro.nl/login/uk#/login which reloads a different page when it detects an "old" browser).

dugan · 08-06-2021, 03:36 PM

What likely happened is that the site checked whether your browser supports what it actually needs to run, and the test was negative. They do this by executing JavaScript and looking at what fails. In that case, you actually do need a more up-to-date browser.

One question I have is: does the site actually not work, or does it just show a message that you can really ignore?

Mantra · 08-07-2021, 02:54 AM

The site won't load with the latest version of Seamonkey, but it will load with an outdated version of Midori! It doesn't show the login screen at all (and the actual login seems to be done with javascript, it doesn't seem to be possible to just load the target page by passing a username and password anywhere).

Mantra · 08-07-2021, 03:03 AM

And yes, I can just use Midori for the site instead. But at this point I want to work out what's happening out of curiosity!

linux12345 · 09-27-2021, 01:40 PM

Look with Ctrl+U into the source code. Then you will find an inline script which tests browser features.

Code:

isSupportedDevice=!1;try{var fakeElement=document.createElement("div");fakeElement.style.display="grid";var featuresDetection=["grid"===fakeElement.style.display,eval("async () => ({})"),eval('({...{a: "a"}})'),"function"==typeof fetch,"function"==typeof IntersectionObserver,"function"==typeof Object.is,"function"==typeof Object.assign,"function"==typeof Array.prototype.find,"function"==typeof Array.prototype.findIndex,"function"==typeof Array.prototype.includes,"function"==typeof Array.from,"function"==typeof String.prototype.includes,"function"==typeof String.prototype.padEnd,"function"==typeof String.prototype.padStart,"function"==typeof Number.isNaN,"function"==typeof document.createElement("form").checkValidity,"object"==typeof document.createElement("input").validity,"function"==typeof document.addEventListener,"undefined"!=typeof WebSocket,"function"==typeof Object.fromEntries,"function"==typeof Promise.prototype.finally,"function"==typeof Intl.NumberFormat,"function"==typeof Intl.Collator,"function"==typeof Intl.DateTimeFormat,"function"==typeof Function.prototype.bind,"function"==typeof window.btoa,"function"==typeof window.requestAnimationFrame,"function"==typeof window.cancelAnimationFrame,void 0!==location.origin,"undefined"!=typeof localStorage,"undefined"!=typeof Worker,"undefined"!=typeof Blob,"undefined"!=typeof URL,matchMedia("(pointer: fine), (pointer: coarse), (pointer: none)").matches,"dataset"in fakeElement,"classList"in fakeElement,"withCredentials"in new XMLHttpRequest];isSupportedDevice=featuresDetection.every((function(e){return e}))}catch(e){}if(!isSupportedDevice){var pathname=location.pathname,loginRoot="/login/";return location.replace((0===pathname.indexOf(loginRoot)?loginRoot:"")+"unsupported-platform.html")}

I wonder if it is possible to write a rule for the Add-on Ublock Origin to block the execution of this special feature testing inline script? Or to save the code to disk and delete this test and make a local injection of the changed code? Or just make an 'on the fly' usage of those browser integrated web developer tools? Has anybody a nice solution how to deal with such annoyances?

Mantra · 09-29-2021, 01:22 AM

Good work digging that out! The ublock route sounds promising, I won't have time to look at it this weekend but hopefully next week. Progress!