• About Us
  • Blog
  • Basket
  • Account
  • Sign In
  •  

Blog

User Agent Spoofing

Published on Monday, October 27, 2014

User Agent Spoofing

Why it works well with device detection

What is user agent spoofing?

User agent spoofing is basically replacing the user agent string your browser sends as an HTTP header with another character string. Each major browser has a bunch of plugins and extensions that allow users to change their user agent. If your original user agent was:
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36
then your spoofed user agent could look something like:
Mozilla/5.0 (Windows NT 6.1; WOW64) Gecko/20090722 Chrome/38.0.2125.104 (X) Safari 6 Orca/1.2 build 2

51Degrees approach

51Degrees uses HTTP user agent headers amongst others in order to identify properties of the requesting device. Changing the user agent will alter detection results. The accuracy of detection will vary based on the amount of characters changed in the user agent. Changing just a few symbols will most likely produce a fairly accurate result as the 51Degrees detector uses several detection methods based on device signatures. Changing an entire string will cause the device to be detected as a device corresponding to the new string.

Website with 51Degrees device detection.
Website with 51Degrees device detection.

Example

So, if I was using Samsung Galaxy S4 user agent:
Mozilla/5.0 (Linux; Android 4.2.2; nl-nl; SAMSUNG GT-I9505 Build/JDQ39) AppleWebKit/535.19 (KHTML, like Gecko) Version/1.0 Chrome/18.0.1025.308 Mobile Safari/535.19
and substitute bits from HTC Vision user agent:
Mozilla/5.0 (Linux; U; Android 2.3.5; en-us; HTC Vision Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
I will end up with a hybrid user agent:
Mozilla/5.0 (Linux; U; Android 2.3.5; en-us; HTC Vision Build/GRI40) AppleWebKit/533.1 (X; 543) Version/4.0 Mobile Safari/533.1
Which is still identified as an android smart phone. That was a pretty usual mix of user agents and some additional characters. But what would happen if the user agent was a completely random mix of characters not corresponding to any of the real user agent strings? For example:
aRjP&^%$erF
Such user agents will be identified as an Emulator/Desktop type device, meaning that a desktop version of the website should be supplied. Any user who has chosen to use such a string of characters for his or her user agent clearly wants to be treated as a generic device without any specific characteristics.

What impact does it have?

This is generally beneficial for websites and projects as it simplifies testing for various devices. All you need to do in order to check out how your website will look on a specific device is change the user agent. You don't need to have physical access to thousands of various devices.

If a customer chose to spoof their user agent, and the spoofed user agent disguises the device as one of a different type, such customers are willingly giving up the option of viewing the content in the best format and composition for their device. If the spoofed user agent corresponds to the original device type, then the website's content will still be presented in the best way possible.

Forcing customers to use a specific version of your site is never a good idea as it may annoy them. It's best to provide a link to other website versions should they wish to change the view.

External sources

Image by Sukanto Debnath via Flickr

Comments (0)
Mike
>

Mike

Other posts by Mike
Contact author

Name:
Email:
Subject:
Message:
x

Tags

.NET 4G 51Degrees 5G Acer Adform Adtech Advertising Afilias Alcatel Amazon AMP Analysis Analytics Android Apache API Apple Asian Market ASP.NET Asus Blackberry Browser C C# Centro Chrome Cloud CMS CPU CSS3 Data Data Blog Data File Daydream Design Detection Developers Device Device Data Device Detection Device Intelligence Device Models Device property DeviceAtlas Disney dmexco DotNetNuke Download ebay Ericsson Event Facebook Firefox Foundation Framework Galaxy git repositories Google Google Analytics Google Daydream GPU GSMA Guess HAProxy Hash Trie HTC HTML5 HTTP HTTP Headers Huawei Infinix Ingeniux Internet usage iOS iOS 13 ipad iPadOS iPhone iPhone 11 Java Javascript Kentico LG Liferay LTE m.dot Memory Memory leak Meta Data Microsoft Mobile Mobile Analysis Mobile Analytics Mobile Devices Mobile Marketing Mixer Motorola Mozilla MWC MWC 2017 MWC16 Native Apps NET New Release News Nexus NFC NGINX Nokia OnePlus 5 Opera Operating System Oppo Optimisation OS Patent Performance PHP Press Release Price Band programmatic Publishers Python Redirection Research Responsive Images Responsive web design RESS Review RTB RWD Safari Samsung Scala ScientiaMobile SEO Server Server-side optimisation Seznam.cz Sitecore Smart TV Smartphone Smartwatches Sony Swedish Beers Tablet Tencent Testing Tips Tutorial Umbraco Update User Agent User-Agent Valgrind Varnish Varnish Cache Video Vodafone VoLTE Web Web Apps Web content management Webtrekk White Paper Widgets WiFi Windows WURFL Xiaomi Xperia ZTE