[Emerging-Sigs] An interesting user agent
Jack Pepper
pepperjack at afferentsecurity.com
Wed Apr 16 16:41:09 EDT 2008
the machine is XP. It looks like yahoo massager is using a "win95"
user agent?
WTF?
10:49:53.131379 IP 10.2.2.65.1300 > 216.155.194.210.80: .
4126901949:4126903209(1260) ack 2502841366 win 64512
0x0000 4500 0514 0a1b 4000 8006 4418 0a02 0241 E..... at ...D....A
0x0010 d89b c2d2 0514 0050 f5fb 86bd 952e 5416 .......P......T.
0x0020 5010 fc00 8110 0000 504f 5354 202f 6e6f P.......POST./no
0x0030 7469 6679 6674 2048 5454 502f 312e 310d tifyft.HTTP/1.1.
0x0040 0a52 6566 6572 6572 3a20 4352 4157 4441 .Referer:.CRAWDA
0x0050 4444 590d 0a55 7365 722d 4167 656e 743a DDY..User-Agent:
0x0060 204d 6f7a 696c 6c61 2f34 2e30 3120 5b65 .Mozilla/4.01.[e
0x0070 6e5d 2028 5769 6e39 353b 2049 290d 0a48 n].(Win95;.I)..H
0x0080 6f73 743a 2066 696c 6574 7261 6e73 6665 ost:.filetransfe
0x0090 722e 6d73 672e 7961 686f 6f2e 636f 6d0d r.msg.yahoo.com.
0x00a0 0a43 6f6e 7465 6e74 2d4c 656e 6774 683a .Content-Length:
0x00b0 2031 3735 3738 0d0a 4361 6368 652d 436f .17578..Cache-Co
0x00c0 6e74 726f 6c3a 206e 6f2d 6361 6368 650d ntrol:.no-cache.
0x00d0 0a43 6f6f 6b69 653a 2042 3d62 7276 6f71 .Cookie:.B=brvoq
jp
--
Framework? I don't need no stinking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
More information about the Emerging-sigs
mailing list