5 posts in this topic

Posted

Hi,

 

So, i'm trying to extract a report using BlueCoat reporter, which contains IP's, user agents and requests from the clients to the outer network.

I need to identify the platform (since BC doesn't let me do that) of which user agents belong to windows and which don't (iOS or Android). 

I'm familiar with most of nomenclatures but some leave me confused.

I was about to assume "darwin" on a user agent is Mac or iOS, due kernel being called "darwin" and safari shares this UA, but then I started findind UA like these: microsoft powerpoint cfnetwork darwin. 

 

So.. question, is this power point for MacOSX or power point also uses this user agent doing a network request? 

I might find some more and need help with (after researching), but I ca't find anything about this.

 

Any help would be greatly appreciated. 

Share this post


Link to post
Share on other sites

Posted

If you want to test what useragent something might send, point them here http://www.whatsmyuseragent.com/

This will tell you what the useragent is. Anything that does a request to a website would use a useragent, so sure powerpoint running on os x or ios device would look like that.. Could be going to online help, etc.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

If you want to test what useragent something might send, point them here http://www.whatsmyuseragent.com/

This will tell you what the useragent is. Anything that does a request to a website would use a useragent, so sure powerpoint running on os x or ios device would look like that.. Could be going to online help, etc.

 

First of all, thank you for your reply :) 

I know that website and I also use it, but I can't redirect thousands of computers to that website to drop 'em a fingerprint :rolleyes:

Maybe I wasn't clear, I'm extracting a report on bluecoard from thousands of computers in dozens of different networks, I'm trying to graph what's windows and whatnot :) 

That one i'm now sure it's power point for macosx :) the darwin/14.0.0 might be oSX version ( ? )

Share this post


Link to post
Share on other sites

Posted

I show this

FNetwork/672.0.2 iOS 7.0 Darwin/14.0.0 18. Sep. 2013

CFNetwork/672.0.2 iOS 7.0.1 Darwin/14.0.0 19. Sep. 2013

CFNetwork/672.0.2 iOS 7.0.2 Darwin/14.0.0 26. Sep. 2013

CFNetwork/672.0.8 iOS 7.0.3 Darwin/14.0.0 22. Oct. 2013

CFNetwork/672.0.8 iOS 7.0.4 Darwin/14.0.0 14. Nov. 2013

CFNetwork/672.0.8 iOS 7.0.5 Darwin/14.0.0 29. Jan. 2014

CFNetwork/672.0.8 iOS 7.0.6 Darwin/14.0.0 21. Feb. 2014

CFNetwork/672.1.9 Darwin/14.0.0

CFNetwork/672.1.10 Darwin/14.0.0

CFNetwork/672.1.11 Darwin/14.0.0

CFNetwork/672.1.12 iOS 7.1-b5 Darwin/14.0.0

CFNetwork/672.1.13 iOS 7.1 Darwin/14.0.0 10. Mar. 2014

CFNetwork/672.1.14 iOS 7.1.1 Darwin/14.0.0 22. Apr. 2014

CFNetwork/672.1.15 iOS 7.1.2 Darwin/14.0.0 30. Jun. 2014

clearly anything with darwin in it wouldn't be a windows machine - if that is your goal ;)

Looks to be only iOS and not os X to me.

I wouldn't expect you point all your machines there - was just suggestion to try and validate your suspicions of specific device/software could point there for verification ;)

You could paste your useragent here and have it spit out details about it for you.

http://www.useragentstring.com/

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Thanks! It's helping in some of my uncommon UA's :) 

There's a few specially java apps or sdk's and some UA's like "_" which I have to leave it as N/A, but i was able to identify above 95% :)

 

Thanks a lot for your help! :) 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.