[Owasp-appsensor-project] Detection points for IP-address and user agent

Erlend Oftedal erlend at oftedal.no
Tue Dec 10 18:40:25 UTC 2013


I was wondering whether anyone has looked into detection points for
IP-address and user agent.
While running this on a test site, I experienced the IP-address changing
benignly due to the use of clustered outgoing proxies, and user agents
changing during downloads of PDFs. The user agent changed between IE and
Chrome Frame, IE also sends "Contype" as user agent when a PDF is
downloaded from the Adobe Reader plugin. Similar things happen for Safari
and other browsers. On Windows 8, the word "touch" also sometimes appears
in the user agent and sometimes not.
This makes it hard to use these detection points for anything useful
without maintaining a seemingly fragile set of rules.

Best regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20131210/9c218f8d/attachment.html>

More information about the Owasp-appsensor-project mailing list