This repository has been archived by the owner on May 7, 2024. It is now read-only.

Spoofed User-Agent String #17

Open
joshbuker opened this issue Aug 20, 2019 · 1 comment

Comments

@joshbuker

Will this tool false-positive on browser clients that intentionally spoof their User-Agent, or is there a mitigation for this?

@lukevalenta
Contributor

That's right--the tool will throw a false positive in the case that a browser or bot spoofs the User Agent. The heuristic used just compares the expected TLS fingerprint for a given User Agent to the actual TLS fingerprint of the connection. So, the 'Likely MITM' outcome can be attributed to an actual MITM or a spoofed User Agent (or a fingerprint database that is incomplete).

The tool can also throw false negatives if a MITM mimics the client browser's TLS fingerprint (i.e. ClientHello). However, I don't necessarily see this as a bad thing because then the MITM software actually has to support a modern TLS stack.
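The comparison described in the reply above, as an added example that is not part of the thread and not the tool's own code. It shows why an intercepting proxy, a spoofed User-Agent and a database gap all produce the same verdict, and why a mimicked ClientHello passes. The fingerprint format, the database layout, the `no_reference` verdict and every sample value are assumptions constructed for illustration.

```python
import re

def is_grease(v):
    # RFC 8701 GREASE code points: 0x0a0a, 0x1a1a, ..., 0xfafa
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def fingerprint(ciphers, extensions):
    # Simplified fingerprint (assumption): ordered IDs with GREASE removed.
    return (tuple(c for c in ciphers if not is_grease(c)),
            tuple(e for e in extensions if not is_grease(e)))

# Constructed ClientHello samples (cipher suites, extension IDs), not real captures.
CHROME = ([0x1301, 0x1302, 0x1303, 0xC02B, 0xC02F], [0, 23, 65281, 10, 11, 16, 5, 13, 51, 45, 43])
FIREFOX = ([0x1301, 0x1303, 0x1302, 0xC02B, 0xC02F], [0, 23, 65281, 10, 11, 16, 5, 51, 43, 13, 45])
PROXY = ([0xC02F, 0xC030, 0x009C, 0x002F], [0, 11, 10, 13])

# Hypothetical database: User-Agent pattern -> fingerprints expected for it.
DB = [(re.compile(r"Chrome/\d+"), {fingerprint(*CHROME)}),
      (re.compile(r"Firefox/\d+"), {fingerprint(*FIREFOX)})]

def classify(user_agent, ciphers, extensions):
    expected = next((fps for pat, fps in DB if pat.search(user_agent)), None)
    if expected is None:
        return "no_reference"  # assumption: no entry for this User-Agent at all
    if fingerprint(ciphers, extensions) in expected:
        return "consistent"
    return "likely_mitm"

CHROME_UA = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/76.0 Safari/537.36")  # constructed

def demo():
    greased = ([0x0A0A] + CHROME[0], [0x1A1A] + CHROME[1])
    return {
        "real_chrome": classify(CHROME_UA, *greased),
        "intercepting_proxy": classify(CHROME_UA, *PROXY),
        # Firefox handshake sent with a Chrome User-Agent: same verdict as the proxy.
        "spoofed_ua": classify(CHROME_UA, *FIREFOX),
        # Genuine Chrome variant the database has no entry for: also flagged.
        "db_gap": classify(CHROME_UA, CHROME[0], CHROME[1] + [27]),
        # Interceptor reproducing Chrome's ClientHello: same input as real_chrome.
        "mimicking_proxy": classify(CHROME_UA, *CHROME),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20} {verdict}")
```

A `likely_mitm` verdict on its own therefore needs a second signal before it is treated as interception.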
