Author Topic: Malzilla: making templates for browser identification  (Read 42903 times)

0 Members and 1 Guest are viewing this topic.

August 18, 2008, 06:29:48 pm
Read 42903 times

bobby

  • Special Members
  • Hero Member

  • Offline
  • *

  • 322
    • Malzilla
Hi,

One of the new things in Malzilla 1.0 are templates.
These can be used for adding DOM objects to scripts where the script is asking for a DOM object that is not internally supported by Malzilla.

In this thread I would like to collect info for making templates for DOM object navigator
Please visit the following page:
http://malzilla.sourceforge.net/browser_test.html

Here you can see which info contains your browser in DOM object navigator.
Not all of the properties are supported by all the browser, so do not get confused if you see "unsupported" as the value of some property.

So, I need as much as possible info on various configurations. Please copy/paste the content of the page here as viewed from your browser.
I'm mostly interested in info from Asian users, to see the identification for various system languages, as there is a ongoing trend of exploits that will attack just the systems using some specified language (e.g. there are exploits that will run just if the system is identified to use Chinese language).

Thank you.

P.S.  That page will stay there in future too, so you can bookmark it if you need it for any other use. You are allowed to post the link to the page wherever you find the need to use it.

August 18, 2008, 07:08:45 pm
Reply #1

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Quote
navigator.appCodeName: Mozilla
navigator.appMinorVersion: 0
navigator.appName: Microsoft Internet Explorer
navigator.appVersion: 4.0 (compatible; MSIE 7.0; Windows NT 5.1)
navigator.browserLanguage: en-us
navigator.cookieEnabled: true
navigator.cpuClass: x86
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: en-gb
navigator.userAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
navigator.userLanguage: en-gb

Quote
navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (Windows; en-US)
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
navigator.userLanguage: undefined


August 18, 2008, 07:15:38 pm
Reply #2

bobby

  • Special Members
  • Hero Member

  • Offline
  • *

  • 322
    • Malzilla
IE6 from WinXP SP2 (take a look at appMinorVersion, it is often used in scripts to identify this version of IE6):
Quote
navigator.appCodeName: Mozilla
navigator.appMinorVersion: ;SP2;
navigator.appName: Microsoft Internet Explorer
navigator.appVersion: 4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
navigator.browserLanguage: en-us
navigator.cookieEnabled: true
navigator.cpuClass: x86
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: en-gb
navigator.userAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
navigator.userLanguage: en-gb

August 18, 2008, 07:52:11 pm
Reply #3

Orac

  • Special Members
  • Hero Member

  • Offline
  • *

  • 723
    • malwareremoval.com
IE7 WinXP SP3

Quote
navigator.appCodeName: Mozilla
navigator.appMinorVersion: 0
navigator.appName: Microsoft Internet Explorer
navigator.appVersion: 4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
navigator.browserLanguage: en-us
navigator.cookieEnabled: true
navigator.cpuClass: x86
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: en-gb
navigator.userAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
navigator.userLanguage: en-gb

Firefox 2.0.0.16 WinXP SP3
Quote
navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (Windows; en-GB)
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16
navigator.userLanguage: undefined
Malware analysised using clarified analyzer to record and document how malware behaves in a networking environment

August 18, 2008, 07:59:37 pm
Reply #4

bobby

  • Special Members
  • Hero Member

  • Offline
  • *

  • 322
    • Malzilla
@Orac
Interesting, there is no changes in OS version between SP2 and SP3.

August 18, 2008, 08:21:18 pm
Reply #5

bobby

  • Special Members
  • Hero Member

  • Offline
  • *

  • 322
    • Malzilla
Related thread on MyCity (my home-forum):
http://www.mycity.co.yu/Zastita/Potrebna-mala-pomoc-4.html

We have discussion there trying to find which system setting IE takes for navigator.userLanguage.
As it can be seen from posts, all of them are using English Windows (there is no localized version in Serbian), but IE shows sr as userLanguage on some configurations.

August 19, 2008, 12:22:31 am
Reply #6

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
Windows Vista Enterprise SP1 + IE7
EN-US - nothing Asian here... Sorry.

navigator.appCodeName: Mozilla
navigator.appMinorVersion: 0
navigator.appName: Microsoft Internet Explorer
navigator.appVersion: 4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022; MS-RTC LM 8)
navigator.browserLanguage: en-us
navigator.cookieEnabled: true
navigator.cpuClass: x86
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: en-us
navigator.userAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022; MS-RTC LM 8)
navigator.userLanguage: en-us

August 19, 2008, 12:30:35 am
Reply #7

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Code: [Select]
navigator.appCodeName: Mozilla
navigator.appMinorVersion: ;SP2;
navigator.appName: Microsoft Internet Explorer
navigator.appVersion: 4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
navigator.browserLanguage: en-us
navigator.cookieEnabled: true
navigator.cpuClass: x86
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: en-gb
navigator.userAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
navigator.userLanguage: en-gb

Code: [Select]
navigator.appCodeName: Mozilla
navigator.appMinorVersion:
navigator.appName: Opera
navigator.appVersion: 9.51 (Windows NT 5.1; U; en-GB)
navigator.browserLanguage: en-GB
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Opera/9.51 (Windows NT 5.1; U; en-GB)
navigator.userLanguage: en-GB

Code: [Select]
navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (Windows; en-US)
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008071423 Firefox/3.0 Orca/1.x
navigator.userLanguage: undefined
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

August 19, 2008, 05:31:29 pm
Reply #8

bobby

  • Special Members
  • Hero Member

  • Offline
  • *

  • 322
    • Malzilla

August 23, 2008, 05:19:26 pm
Reply #9

Orac

  • Special Members
  • Hero Member

  • Offline
  • *

  • 723
    • malwareremoval.com
From a friend in Singapore whos using Vista.

FF3

navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (Windows; en-US)
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
navigator.userLanguage: undefined

IE7

navigator.appCodeName: Mozilla
navigator.appMinorVersion: 0
navigator.appName: Microsoft Internet Explorer
navigator.appVersion: 4.0 (compatible; MSIE 7.0; Windows NT 6.0; Avant Browser; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)
navigator.browserLanguage: en-us
navigator.cookieEnabled: true
navigator.cpuClass: x86
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: en-sg
navigator.userAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Avant Browser; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)
navigator.userLanguage: en-sg

FF2

navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (Windows; en-US)
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16
navigator.userLanguage: undefined
Malware analysised using clarified analyzer to record and document how malware behaves in a networking environment

August 27, 2008, 10:25:45 pm
Reply #10

sowhat-x

  • Guest
Since people already have submitted recent browser versions under latest XP/Vista builds,
I thought of submitting few older ones as well...and all of them under XP SP1 English,he-he...  ;)

Quote
Firefox 2.0.0.1
navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (Windows; en-US)
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
navigator.userLanguage: undefined
Quote
IE 6.0.2800.1106 (with couple of m$-patches...)
navigator.appCodeName: Mozilla
navigator.appMinorVersion: ;SP1;Q867801;Q823353;
navigator.appName: Microsoft Internet Explorer
navigator.appVersion: 4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
navigator.browserLanguage: en-us
navigator.cookieEnabled: true
navigator.cpuClass: x86
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: en-us
navigator.userAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
navigator.userLanguage: en-us
Quote
Opera 9.02
navigator.appCodeName: Mozilla
navigator.appMinorVersion:
navigator.appName: Opera
navigator.appVersion: 9.02 (Windows NT 5.1; U; en)
navigator.browserLanguage: en
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: undefined
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Opera/9.02 (Windows NT 5.1; U; en)
navigator.userLanguage: en
Quote
K-Meleon 1.02
navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (Windows; en-US)
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: true
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060917 K-Meleon/1.02
navigator.userLanguage: undefined

Do you want me to check few *nix browsers at some moment,say Konqueror,Dillo etc?...  ::)

September 03, 2008, 02:28:29 am
Reply #11

sowhat-x

  • Guest
Quote
Google Chrome 0.2.149.27 (Official Build 1583)
navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: undefined
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13
navigator.userLanguage: undefined
Quote
Safari 3.1.2
navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: undefined
navigator.platform: Win32
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21
navigator.userLanguage: undefined

So,from my understanding...
Chrome is Safari dressed in different clothes,he-he...(Die Internet Exploder Die!)  ;D
It's html / javascript inspection abilities are kinda interesting,
although nothing that can't also be done with FF and extensions:
http://www.mozilla.org/projects/inspector/
http://chrispederick.com/work/web-developer/

Quote
Maxthon 2.1.4
It uses the same engine as IE under the scenes,
thereby it returns the same stuff with whatever version of IE someone has already installed.
Only difference is that it adds a "MAXTHON 2.0" string in the end of the userAgent value,eg:
navigator.userAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; MAXTHON 2.0)

PS:Sorry bobby,haven't had the time to check any linux browsers yet...

October 03, 2008, 08:31:12 am
Reply #12

sowhat-x

  • Guest
Quote
SeaMonkey 1.1.8 (Running on Puppy Linux)
navigator.appCodeName: Mozilla
navigator.appMinorVersion: undefined
navigator.appName: Netscape
navigator.appVersion: 5.0 (X11; en-US)
navigator.browserLanguage: undefined
navigator.cookieEnabled: true
navigator.cpuClass: undefined
navigator.onLine: true
navigator.platform: Linux i686
navigator.systemLanguage: undefined
navigator.userAgent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080312 SeaMonkey/1.1.8
navigator.userLanguage: undefined

October 03, 2008, 02:48:17 pm
Reply #13

bobby

  • Special Members
  • Hero Member

  • Offline
  • *

  • 322
    • Malzilla
Thanks sowhat-x,
Linux is less targeted OS, so you do not need to bother with it.
Thanks a lot for the Chrome strings.

btw. did these exploits for Chrome got in the wild or it was just a proof of concept that is already patched?

October 03, 2008, 04:37:49 pm
Reply #14

sowhat-x

  • Guest
Quote
...did these exploits for Chrome got in the wild...
Didn't really kept track on the story,but I don't think they really got spread out there...
Pretty much just for the fuzz out of it,he-he...