Comments on: Modifying the Paros Proxy User-Agent String http://www.cutawaysecurity.com/blog/archives/9 Cutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades Tue, 16 Feb 2010 06:48:31 +0000 http://wordpress.org/?v=2.8.4 hourly 1 By: Paco Hope http://www.cutawaysecurity.com/blog/archives/9/comment-page-1#comment-30988 Paco Hope Wed, 25 Jun 2008 20:29:37 +0000 http://www.cutawaysecurity.com/blog/?p=9#comment-30988 This is not true security, but every irritations put in front of a hacker may make them go elsewhere. This kind of defense won't stop any kind of determined hacker, but it probably makes script kiddies and wannabes struggle more. That means they either go away frustrated or are noisier as they try to get past this stupid protection. Either way, it reduces the population of people attacking you at a trivial cost. I shudder to think how many people will misread this and think I advocate silly defenses instead of real ones. That's not it. If the developers did this to protect shoddy code, they're dumb. If they did it to repel script kiddies, they put in a low cost defense that has some trivial value. This is not true security, but every irritations put in front of a hacker may make them go elsewhere. This kind of defense won’t stop any kind of determined hacker, but it probably makes script kiddies and wannabes struggle more. That means they either go away frustrated or are noisier as they try to get past this stupid protection. Either way, it reduces the population of people attacking you at a trivial cost.

I shudder to think how many people will misread this and think I advocate silly defenses instead of real ones. That’s not it. If the developers did this to protect shoddy code, they’re dumb. If they did it to repel script kiddies, they put in a low cost defense that has some trivial value.

]]> By: GooHackle http://www.cutawaysecurity.com/blog/archives/9/comment-page-1#comment-30773 GooHackle Wed, 14 Nov 2007 18:09:42 +0000 http://www.cutawaysecurity.com/blog/?p=9#comment-30773 Hi, I do the same to remove the "Paros/3..." string from the user agent because some applications check this and doesn't return the expected results. I use Eclipse to work over the Paros project and now I'm thinking in add functionalities and improve the paros proxy... looks easy... let's see... Hi, I do the same to remove the “Paros/3…” string from the user agent because some applications check this and doesn’t return the expected results.

I use Eclipse to work over the Paros project and now I’m thinking in add functionalities and improve the paros proxy… looks easy… let’s see…

]]> By: cutaway http://www.cutawaysecurity.com/blog/archives/9/comment-page-1#comment-30770 cutaway Tue, 13 Nov 2007 02:15:46 +0000 http://www.cutawaysecurity.com/blog/?p=9#comment-30770 @Paul, The version that I used was older than the most recent version of Paros Proxy. Also, I have started using the work around posted by Brad in the comments above. <blockquote>Or you can change the target on on the shortcut to include -nouseragent C:\WINDOWS\system32\javaw.exe -jar paros.jar -nouseragent on my system.</blockquote> Because I am using this option I do not need to modify the code or rebuild the executable. Therefore, I do not have a build.xml to provide for you. Good luck, Cutaway @Paul,

The version that I used was older than the most recent version of Paros Proxy. Also, I have started using the work around posted by Brad in the comments above.

Or you can change the target on on the shortcut to include -nouseragent

C:\WINDOWS\system32\javaw.exe -jar paros.jar -nouseragent on my system.

Because I am using this option I do not need to modify the code or rebuild the executable. Therefore, I do not have a build.xml to provide for you.

Good luck,
Cutaway

]]> By: Paul http://www.cutawaysecurity.com/blog/archives/9/comment-page-1#comment-30769 Paul Mon, 12 Nov 2007 18:37:06 +0000 http://www.cutawaysecurity.com/blog/?p=9#comment-30769 Thanks for the articule dude, it's quite useful. However, i'm having problems while compiling. Some kind'a error in the Kb.class file. I asume something is going wrong in my build file. Could you please post me the build.xml file to see what is it that i'm doing wrong? Thanks a lot. Paul. Thanks for the articule dude, it’s quite useful.
However, i’m having problems while compiling.
Some kind’a error in the Kb.class file.
I asume something is going wrong in my build file.
Could you please post me the build.xml file to see what is it that i’m doing wrong?

Thanks a lot.
Paul.

]]> By: Phishme » EXIF Scrubbing: Hey, Harry! Know your Tool and Wash your Hands. http://www.cutawaysecurity.com/blog/archives/9/comment-page-1#comment-22531 Phishme » EXIF Scrubbing: Hey, Harry! Know your Tool and Wash your Hands. Thu, 19 Jul 2007 19:01:34 +0000 http://www.cutawaysecurity.com/blog/?p=9#comment-22531 [...] In short, tools often leave a footprint -  whether it’s a user-agent tag in the popular Paros tool, or not so steathly NMAP scans. If you have a way to dig deeper and see what the tool is [...] [...] In short, tools often leave a footprint -  whether it’s a user-agent tag in the popular Paros tool, or not so steathly NMAP scans. If you have a way to dig deeper and see what the tool is [...]

]]> By: Brad http://www.cutawaysecurity.com/blog/archives/9/comment-page-1#comment-1706 Brad Wed, 17 Jan 2007 19:14:11 +0000 http://www.cutawaysecurity.com/blog/?p=9#comment-1706 Or you can change the target on on the shortcut to include -nouseragent C:\WINDOWS\system32\javaw.exe -jar paros.jar -nouseragent on my system. But I never would have found the flag without your write up valuable information. Or you can change the target on on the shortcut to include -nouseragent

C:\WINDOWS\system32\javaw.exe -jar paros.jar -nouseragent on my system.

But I never would have found the flag without your write up valuable information.

]]>