GUIDE to (mostly)
How to Fake out
Web Servers When You Visit
Volume 3, Number 14
by Carolyn Meinel
Did you know that most web browsers dutifully identify themselves
to every web site you visit? There's often a good reason for
this. Some web sites will send you pages customized to give you
better viewing with the type of browser you use. Some sites use
your header information to choose what language to display. Some
intrusion detection techniques even look at headers to get an
idea whether a connection to a website is being made by a legitimate
browser or by a clumsily programmed attack
If it bugs you to tell web sites everything your browser wants
to tell them, here's how to fake them out.
Telnet! Yes, my favorite all purpose mostly harmless hacking
technique is telnet. If you use Windows and have never used telnet,
type Start --> Run --> type telnet in the window and hit
enter. This will give you a black window with something like
this in it:
Welcome to Microsoft Telnet Client.
Escape character is 'CTRL+]'
Now here's a fun thing to do. At the telnet prompt, type "open
happyhacker.org 80" . Now wait a few seconds and then hold
down the Ctrl key and the c key with one hand and hit enter with
This will give you something like:
HTTP/1.0 408 Request Timeout
Server: thttpd/2.20c 21nov01 on a Brickserver 2
Date: Wed, 31 Jan 2007 13:23:03 GMT
Last-modified: Wed, 31 Jan 2007 13:23:03 GMT
<HTML><HEAD><TITLE>408 Request Timeout
</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H2>408 Request Timeout</H2>
No request appeared within a reasonable time period.
thttpd/2.20c 21nov01 on a Brickserver 2</A></ADDRESS>
Connection to host lost.
Now to get something better, instead you can type Start -->
Run and type in "cmd". This gives an MSDOS windows
and it looks something like this:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Carolyn Meinel>
From here we can do something much more fun to unsuspecting
webservers. Open Notepad and type this in two lines:
telnet happyhacker.org 80
It won't work unless you have this in two lines! Next copy
these two lines and at the MSDOS window prompt right click, choose
paste, and then hit enter. This will display all the code that
the webserver would normally send your browser.
OK, so why is this a big deal? You can get the same code just
by using the "page source" command on your browser.
However, you got this code without having to send the browser
any extra headers. All you sent was the most basic web browser
command, the "GET" command.
Even more important...!!!
You can go to jail warning: If you send
a webserver a command that is designed to break into or crash
it, you just might wind up being cellmate Spike's girlfriend.
Yes, those nasty script kiddie websites offer exploits to send
to webservers, and if you try them on about a thousand different
websites you may eventually get unlucky and actually break in.
If you want to try out all sorts of weird commands against
a webserver without breaking the law, you have permission to
do it against this website, happyhacker.org and you can't get
into any trouble because I own it and I set the rules, which are, basically, you can do anything you want, see if you can crash happyhacker.org or break in, it's OK with me, muhahaha!
Next, you can set up your web browser to send headers of your
own design. This article by Eric Giguere is still useful for
learning how to modify your browser's headers. He also has a
link that displays a portion (not the entire
thing) of your browser's headers. Using this link, I learn
that my browser sent out this:
cookie JSESSIONID=5CF0B8F73EB94ECA1D6AA324F2AA1ADC; __utma=13
user-agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:220.127.116.11) Gecko/20061204 Firefox/18.104.22.168
You can tell this doesn't show everything because it doesn't
include the "GET" command.
Now let's say you would like to see absolutely everything your browser sends. You can do this by setting up a network sniffer on your own computer and use it to see everything that goes back and forth between your browser and a website. This can be especially interesting if you visit malicious websites, meaning those that try to break into your computer through your browser to install spyware and even worse Trojans that enable criminals to hide their nasty activities inside your computer. Check out http://www.winpcap.org/to learn about sniffers and for free downloads of sniffer tools.
Last but not least, you can see what your headers look like by installing the free Apache webserver on your home computer. You can direct your browser to it by typing "localhost" or "127.0.0.1" into your browser or your telnet connection.
In order to ensure that your Apache webserver saves the headers of your browser, you have to find the file named http.conf. Open it in notepad and look for the line:
CustomLog logs/agent.log agent
If there is a "#" in front of it this means Apache ignores it. If you delete the "#" then Apache will record the headers of visiting browsers, but only after you restart Apache. Then after visiting it with your browser, you will find your headers in the agent.log file in the logs directory.
Of course after reading all this, you may wonder what the big deal is about forging headers. Or maybe you think this is super fun, in which case you must be a real hacker.
OK, so now lets go do fun stuff with the free Firefox browser. In the browser window type:
Scroll down the screen this displays to general.useragent.extra.firefox. and then double click on this line. You can change it to whatever you want. I change it from Firefox/22.214.171.124 to Lynx. Yes, most of you are too young to remember Lynx, but I'm a really, really ancient hacker and back when the Web was young we didn't have pictures and all that newfangled fancy stuff. The web was just words and links, and Lynx, which we ran from a Unix shell account (this was before Linux even!) was how we crawled the web.
Next I double click on general.useragent.locale and change en-US (meaning I want to see websites in English if they offer that option) to en-Lower Slobovia
Oh, pooh, it turns out all this does is change one of my headers to:
user-agent Mozilla/5.0 (Windows; U; Windows NT 5.1; Lower Slobovia; rv:126.96.36.199) Gecko/20061204 Lynx
This failure to totally fubar the headers tells me we can have much more fun if we use telnet or even netcat to directly connect to webservers. Then we finally can really, really fake out anyone who actually reads the logs.
You can get punched in the nose warning: Many intrusion detection and prevention systems look for really screwy browser headers. Make yours weird enough and you will make someone hopping mad -- and he or she might tell your online provider that you, yes you, sent evil headers. Yes, you can be tracked back to your home computer. If your online provider is terrified of hackers (could you actually be an evil, evil, criminal?) they might cancel your Internet service.
But lets get back to that Firefox about:config screen. Have you ever tried to enter a really weird URL you found on a hacker website into your browser and it didn't do what you expected? Your browser might be the culprit. Check out:
It lists all the characters your browser ignores. Many of these aren't even on your keyboard, although you can create them with a hex editor. Some of them you can't send through telnet, either. The ultimate solution to all that is netcat, a telnet-like program that is also good for lots of amazing, things. If you try really hard, netcat can enable you to do truly amazing "you can get punched in the nose" or "you can go to jail" stuff to webservers. Your choice.
Where are those back issues of GTMHHs? Check out the official Happy Hacker Web page at http://www.happyhacker.org.
We are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. But we hate computer crime. So don't email us about any crimes you may have committed or may want to commit!
Why do we give out information that even the total beginner
may use as a two-edged sword of cyberspace power? We do
this "to turn over to [hu]mankind
at large the greatest possible power to control
the world and deal with it according to its lights and
values." -- Robert J. Oppenheimer, head
of the Manhattan Project, which created the world's first nuclear
Back to the Guides to
(mostly) Harmless Hacking --->>