Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I know that a web server can detect the type of browser that is being used. Can a web server detect add-ons that are used by those browsers? If so, how?
I know that a web server can detect the type of browser that is being used. Can a web server detect add-ons that are used by those browsers? If so, how?
Are you trying to do this or protect yourself from having it done to you?
I believe it depends on the browser's design, but someone please correct me if I'm wrong. It's definitely not something to be taken lightly, as in most cases it would be considered a security vulnerability (information disclosure) IMHO. IIRC Firefox has been affected by this issue in the past, and it was consequently patched due to the security implications.
So, unless a browser specifically provides this as a feature, you'd need to exploit it in order to get your hands on this information. And in that case, a discussion regarding a "how" would not be compatible with the LQ Rules. This is just something I would like our members to keep in mind when replying to your question.
As far as a legit way to do it, I think you could probably create a Firefox extension which does this. Users could then install it at their own risk if they so wish. Of course, the extension developer would need to document the method which the server would need to use to query the browser for the details.
Are you trying to do this or protect yourself from having it done to you?
I believe it depends on the browser's design, but someone please correct me if I'm wrong. It's definitely not something to be taken lightly, as in most cases it would be considered a security vulnerability (information disclosure) IMHO. IIRC Firefox has been affected by this issue in the past, and it was consequently patched due to the security implications.
So, unless a browser specifically provides this as a feature, you'd need to exploit it in order to get your hands on this information. And in that case, a discussion regarding a "how" would not be compatible with the LQ Rules. This is just something I would like our members to keep in mind when replying to your question.
As far as a legit way to do it, I think you could probably create a Firefox extension which does this. Users could then install it at their own risk if they so wish. Of course, the extension developer would need to document the method which the server would need to use to query the browser for the details.
You've answered my question... thanks.
I am curious though, how does the web server know what browser is being used? I guess it's sent in the connection messages.
It's definitely not something to be taken lightly, as in most cases it would be considered a security vulnerability (information disclosure) IMHO. IIRC Firefox has been affected by this issue in the past, and it was consequently patched due to the security implications.
IIGC the FF extension one had to do with chrome:// URIs. (Gotta love the browser that renders everything *plus* the kitchensink.) See the ha.ckers site, they do a pretty good job explaining all sorts of FF "goodies".
Quote:
Originally Posted by gliesian
I am curious though, how does the web server know what browser is being used? I guess it's sent in the connection messages.
The browser specs are in the UA or "User Agent" string the application sends. Servers can not depend on it because often apps have ways to "d|refine" the UA at compile time, through config files (Privoxy: hide-user-agent{}) or on the CLI (wget, mplayer: --user-agent).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.