Iframes leak the real "navigator" object about random-user-agent HOT 35 CLOSED

#7 and #26

from random-user-agent.

Maybe... clicking over to iframe is way after the page is loaded. This plugin:

https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg?hl=en

Changes platform. You can crib that code. The cookie approach seems straight up crazy. The plugin does not handle JS-iframe though either... in fact none of them do and most change the user agent incorrectly in any case. Chrome is without a proper user agent spoofer and that blows my mind.

from random-user-agent.

Also check out chameleon and x-agent extensions.

Changing UA is fighting google it seems: https://bugs.chromium.org/p/chromium/issues/detail?id=395932

from random-user-agent.

Thank you, lets please continue the non-iframe related topics in their existing tickets though.

Yes, it seems to be quite tricky to change the user agent throughout the system and unfortunately the cookie approach is not as crazy as you said, it is not without problems either though and still requires some tweaking.

The other navigator properties, the iframe, and the delayed property overload are three distinct problems however, with the former being the easiest to fix.

from random-user-agent.

For the time being it seems there is no proper fix for that issue. It has been known for quite some time but was not addressed so far by Google.

Help and/or input is certainly appreciated.

from random-user-agent.

Why add UA after the browser shortcut to display the modified UA correctly?

from random-user-agent.

Could you rephrase the question? I am not quite sure what you mean by "add after browser shortcut".

from random-user-agent.

For example

D:\chrome.exe --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

from random-user-agent.

This is a Chrome command line parameter to which extensions have no access.

from random-user-agent.

I see. Thank you.

from random-user-agent.

How does this extension do iframe spoofing?
https://chrome.google.com/webstore/detail/user-agent-switcher-and-m/bhchdcejhohfmigjafbampogmaanbfkg

from random-user-agent.

That seems to be an excellent point, @gqzc. They seem to have found a solution by targeting iframes specifically -> https://github.com/ray-lothian/UserAgent-Switcher/blob/194bbaf47257e1890242e960c6b857c34becd469/data/inject.js#L30-L38

@tarampampam, that could be a viable solution for RUA as well.

from random-user-agent.

@neroux Can we use this scheme in random-user-agent?

from random-user-agent.

Possibly. It would require further analysis but - as mentioned in my tag to @tarampampam - I am pretty confident the same approach could be used for RUA.

from random-user-agent.

I'm really looking forward to it.

from random-user-agent.

Unfortunately I cant promise how quickly I'll get to have a look at a potential implementation. So unless someone else steps up, no guarantees on how soon that might be available I am afraid.

from random-user-agent.

Thank you

from random-user-agent.

I managed to analyse it a bit better and it appears the mentioned extension manages to change the iframe user agent only on Chrome. Firefox still returns the actual user agent.

On Chrome, however, the fix might be easier than originally assumed and the manifest flag added with 44b7f67 might do the trick.

from random-user-agent.

Thanks for your works

from random-user-agent.

Firefox, you can read this post, maybe it will help you.
https://gitlab.com/ntninja/user-agent-switcher/issues/21

from random-user-agent.

Thanks @gqzc, that link actually looks promising as the extension in question does seem to be able to override the user agent correctly on Firefox. It does not seem to configure the content script in the manifest but injects it on-the-fly. That might require some rewrite of RUA, so no guarantee how quickly I will get around to implement that.

In any case, thanks!

from random-user-agent.

Firefox doesn't matter. I'm looking forward to Chrome. There's no need to hurry. Take your time.

from random-user-agent.

Personally I believe Firefox should matter a lot more than Chrome, but thats an ideological thing :)

• https://arstechnica.com/gadgets/2018/12/the-web-now-belongs-to-google-and-that-should-worry-us-all/
• https://haschromefullytakenoveryet.com/

As for the Chrome version, I believe yesterday's commit should "fix" that for Chrome but it was rather a hotfix than a thoroughly tested one, to be honest. @tarampampam just needs to publish a new version now :).

from random-user-agent.

the extension in question does seem to be able to override the user agent correctly on Firefox.

Hmm, earlier it seemed that way, now I cant reproduce that any longer and the extension in question does not manage to override the user agent in a Firefox/iframe context either.

@gqzc, can you confirm whether it actually works for you on Firefox?

from random-user-agent.

I use Chrome most of the time, Firefox only occasionally, so I don't think Firefox matters to me.It is true that the user agent in the Firefox/iframe context cannot be overridden, and it would be better if it could be modified

from random-user-agent.

@neroux Iframe can spoofing successfully, but why can't it spoofing on this website?
http://www.runoob.com/try/try.php?filename=try_nav_all

from random-user-agent.

@gqzc, I am afraid I am not quite sure about your question. It appears to be the identical you posed in #67, which actually led here.

from random-user-agent.

thank you all the same

from random-user-agent.

@gqzc, version 2.2.8 which was just released should address this issue. Could you verify it?

from random-user-agent.

I am afraid it appears as if 44b7f67 did not fix the issue on Chrome.

If anyone is up to fix this issue a pull request would be definitely appreciated.

from random-user-agent.

@neroux The new version solves this problem, but the problem of #67 still exists.
Thanks for your works！

from random-user-agent.

https://github.com/kkapsner/CanvasBlocker

@neroux Might be able to help you with this issue as the extension manages to sucessfully protect the navigator api.

By using it I have managed to make this website believe I am using Firefox on linux, by spoofing the navigator api's output using the extension.

Just for reference I am actually using Firefox on windows.

Website used: http://f.vision

from random-user-agent.

Thanks, @BigCod. It would seem they addressed this particular issue by introducing a dedicated frame handler, https://github.com/kkapsner/CanvasBlocker/blob/85320924fadb95b4939a5faf6869b6baee35b8b3/manifest.json#L63-L65

This probably could be adapted for RUA as well, might require some major code changes though. If you'd like to have a look at this, please submit a PR whenever convenient for you. Also tagging @tarampampam

from random-user-agent.

Hi to all, and sorry for the late reply (2 years!). I have made the required changes and released version 3.1.1 - could anyone verify that all is ok now? 😄

from random-user-agent.

🔥 The fixed version (v3.2.0) has been released recently! Please check that everything is exactly as you wanted :)

from random-user-agent.