• 0

Report which contains user agent and identify platform of that user agent


Go to solution Solved by BudMan,

Question

MidnightDevil

Hi,

 

So, i'm trying to extract a report using BlueCoat reporter, which contains IP's, user agents and requests from the clients to the outer network.

I need to identify the platform (since BC doesn't let me do that) of which user agents belong to windows and which don't (iOS or Android). 

I'm familiar with most of nomenclatures but some leave me confused.

I was about to assume "darwin" on a user agent is Mac or iOS, due kernel being called "darwin" and safari shares this UA, but then I started findind UA like these: microsoft powerpoint cfnetwork darwin. 

 

So.. question, is this power point for MacOSX or power point also uses this user agent doing a network request? 

I might find some more and need help with (after researching), but I ca't find anything about this.

 

Any help would be greatly appreciated. 

Link to post
Share on other sites

4 answers to this question

Recommended Posts

  • 0
+BudMan

I show this

FNetwork/672.0.2 iOS 7.0 Darwin/14.0.0 18. Sep. 2013

CFNetwork/672.0.2 iOS 7.0.1 Darwin/14.0.0 19. Sep. 2013

CFNetwork/672.0.2 iOS 7.0.2 Darwin/14.0.0 26. Sep. 2013

CFNetwork/672.0.8 iOS 7.0.3 Darwin/14.0.0 22. Oct. 2013

CFNetwork/672.0.8 iOS 7.0.4 Darwin/14.0.0 14. Nov. 2013

CFNetwork/672.0.8 iOS 7.0.5 Darwin/14.0.0 29. Jan. 2014

CFNetwork/672.0.8 iOS 7.0.6 Darwin/14.0.0 21. Feb. 2014

CFNetwork/672.1.9 Darwin/14.0.0

CFNetwork/672.1.10 Darwin/14.0.0

CFNetwork/672.1.11 Darwin/14.0.0

CFNetwork/672.1.12 iOS 7.1-b5 Darwin/14.0.0

CFNetwork/672.1.13 iOS 7.1 Darwin/14.0.0 10. Mar. 2014

CFNetwork/672.1.14 iOS 7.1.1 Darwin/14.0.0 22. Apr. 2014

CFNetwork/672.1.15 iOS 7.1.2 Darwin/14.0.0 30. Jun. 2014

clearly anything with darwin in it wouldn't be a windows machine - if that is your goal ;)

Looks to be only iOS and not os X to me.

I wouldn't expect you point all your machines there - was just suggestion to try and validate your suspicions of specific device/software could point there for verification ;)

You could paste your useragent here and have it spit out details about it for you.

http://www.useragentstring.com/

  • Like 1
Link to post
Share on other sites
  • 0
+BudMan

If you want to test what useragent something might send, point them here http://www.whatsmyuseragent.com/

This will tell you what the useragent is. Anything that does a request to a website would use a useragent, so sure powerpoint running on os x or ios device would look like that.. Could be going to online help, etc.

  • Like 1
Link to post
Share on other sites
  • 0
MidnightDevil

If you want to test what useragent something might send, point them here http://www.whatsmyuseragent.com/

This will tell you what the useragent is. Anything that does a request to a website would use a useragent, so sure powerpoint running on os x or ios device would look like that.. Could be going to online help, etc.

 

First of all, thank you for your reply :) 

I know that website and I also use it, but I can't redirect thousands of computers to that website to drop 'em a fingerprint :rolleyes:

Maybe I wasn't clear, I'm extracting a report on bluecoard from thousands of computers in dozens of different networks, I'm trying to graph what's windows and whatnot :) 

That one i'm now sure it's power point for macosx :) the darwin/14.0.0 might be oSX version ( ? )

Link to post
Share on other sites
  • 0
MidnightDevil

Thanks! It's helping in some of my uncommon UA's :) 

There's a few specially java apps or sdk's and some UA's like "_" which I have to leave it as N/A, but i was able to identify above 95% :)

 

Thanks a lot for your help! :) 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By dipsylalapo
      Hey everyone, 
       
      I haven't touched my network setup in a long time as it's been working with no issues for months. 
       
      Over the last week or so, I've noticed that some devices struggle to stay connected to the network. At the moment, there's a Kindle and a desktop that are struggling to stay connected. 
       
      I've no idea where to start looking into this so any pointers would be great!
       
      I have a USG, two Unifi APs (Lite) and a D-Link switch (DGS-1100-08P).
    • By News Staff
      Get the Ultimate Cybersecurity Certification Bundle for only $39.99
      by Steven Parker



      Today's highlighted deal comes via our Online Courses section of the Neowin Deals store, where you can save 52% off the Ultimate Cybersecurity Certification Bundle. Your 28-hour roadmap as an ultimate security professional — Master network monitoring, PenTesting, and routing techniques and vulnerabilities.

      What's the deal?
      This deal consists of the following courses:

      Parsing TCP Socket Data with C/C++
      Understand Socket Programming & Build Apps in Your Network or Internet Introduction of C++ Sockets
      Learn the Most Fundamental & Practical IT Communications & Develop Your Own Socket Apps How Hackers Find SQL Injections in Minutes with Sqlmap
      Effectively Detect & Exploit SQL Injection Vulnerabilities — Ideal for Penetration Testers, Ethical Hackers, Bug Hunters, and More How Web Hackers Make Big Money: Remote Code Execution
      Become a Succesful RCE Hunter with 1-Hour Crash Course from Top Hacker Dawid Czagan Double Your Web Hacking Rewards with Fuzzing
      Learn the Vulnerability Detection Technique Used by Many Successful Hackers & Make Money in Bug Bounty Programs Practical Blockchain & Smart Contracts: Ethereum and Solidity
      Implement Blockchain in Your Software Projects & Upcoming Project Ideas CCNP Routing & Switching ROUTE300-101
      Join the Professional World of Cisco Systems & Gain a Higher Level of Routing Competence Setting up Nagios 4 Monitoring
      Set Up a Monitoring Console Showing the Health of Multiple Remote Servers The Ethical Hacking MasterClass
      Perform Advanced Penetration Testing, Exploit Vulnerable Systems & Patch Them Good to know
      Length of access: lifetime Certification of completion included Redemption deadline: redeem your code within 30 days of purchase For full descriptions, terms, and instructor info please click here.

      What's the benefit?
      This Ultimate Cybersecurity Certification Bundle normally costs $84.91 but it can be yours for just $39.99 for a limited time, that's a saving of $44.92 (54%) off!

      >> Get this deal, or learn more about it <<
      See all Online Courses on offer, This is a time-limited deal, ending soon!
      Get $1 credit for every $25 spent · Give $10, Get $10 · 10% off for first-time buyers.

      Not for you?
      If this offer doesn't interest you, why not check out the following offers:

      The Samsung Galaxy Z Flip 256GB Giveaway 20% off Ivacy VPN subscription with coupon code IVACY20 NordVPN subscription at up to 70% off Private Internet Access VPN subscription at up to 71% off Unlocator VPN or SmartDNS unblock Geoblock with 7-day free trial Disable Sponsored posts · Other recent deals · Preferred partner software

      Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.

    • By zikalify
      EE will be the exclusive carrier of the new Motorola Razr in the UK
      by Paul Hill

      EE has announced that the new Motorola Razr will be exclusively stocked online and in its stores following a partnership with Motorola. The new Motorola Razr is a callback to the Motorola Razr from the 2000s which was a very popular flip phone. The new version also incorporates a flip design in order to house a 6.2-inch Flex View display.

      Aside from the big display on the inside of the phone, there’s also an external 2.7-inch Quick View display where you can access important information. The Quick View display allows you to make calls, reply to messages, pay with a tap, control your music, take selfies, use Google Assistant, and access some settings such as turning on Bluetooth, Wi-Fi, a Hotspot, and more.



      Commenting on the news, Sharon Meadows, Director of Devices, Partnerships & Business Development at EE, said:

      The Motorola Razr is due to launch in January 2020 for $1,500 (£1,170). EE has not announced the plans which it will sell this device on but the price announced by Motorola suggests that the plans will be pricey.

    • By News Staff
      Modernize Your IT Monitoring With Predictive Analytics - Free White Paper
      by Steven Parker

      Claim this complimentary White Paper for free today, before the offer expires.



      What's it about?
      IT monitoring technology is moving forward rapidly, thanks in large part to machine learning and predictive analytics. If you’re still getting by with a legacy IT solution, you’re missing out on a lot more than a shiny object. The benefits of a New IT approach are being proven every day.

      Download your complimentary copy of “Modernize Your IT Monitoring with Predictive Analytics” to find out how a data-driven, predictive approach to IT monitoring can bring your organization into the world of New IT. You’ll find out where you are on the IT Maturity Framework and get practical tips for how to move up the curve. Plus, you’ll learn how to:

      Break down data silos to get the most value from all your data without extensive cleansing and preparation Build alignment between your IT department and business stakeholders Speed up the process of identifying bottlenecks and performing root-cause analysis, letting you solve problems faster and prevent them from reoccurring. How to get it
      Please ensure you read the terms and conditions to claim this offer. Complete and verifiable information is required in order to receive this free offer. If you have previously made use of these free offers, you will not need to re-register. While supplies last!

      >> Modernize Your IT Monitoring With Predictive Analytics - Free White Paper <<
      Offered by Splunk, view other free resources | Limited time offer

      Not for you?
      That's OK, there are other free eBooks on offer you can check out here, but be aware that these are all time-limited offers. If you are uncomfortable sharing your details with a third-party sponsor, we understand. Or via our preferred partner:

      How can I disable these posts? Click here.

      Disclosure: A valid email address is required to fulfill your request. Complete and verifiable information is required in order to receive this offer. By submitting a request, your information is subject to TradePub.com's Privacy Policy.

    • By Dutchie64
      Hi all,

      Apologies if this has a thread somewhere....

      I would like to know what people are using for network analyses, free/OSS or paid solutions.
      And with analysis I mean a more or less simple way to collect data about:
      - All computers on the network,
      - The OS and applications installations/versions
      - Network traffic/port use

      So a 'security risk' based check of the hardware and software running, so you can plan some security hardening on your systems.

      I know about applications like WireShark for network traffic checks, but would like to know if there are applications out there that can collect a lot of data at once.
      There's quite a few apps out there, but it's interesting to see what people actually using for this.

      cheers for any tips, links etc.

      rob