
Masaryk University
Faculty of Informatics

Detection of network attacks using HTTP related information

Master’s Thesis

Lenka Kuníková

Brno, Spring 2017

This is where a copy of the official signed thesis assignment and a copy of the Statement of an Author is located in the printed version of the document.

Declaration

Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source.

Lenka Kuníková

Advisor: RNDr. Pavel Minařík PhD.

Acknowledgement

I would like to thank my advisor RNDr. Pavel Minařík, PhD. and Mgr. Martin Juřen for guidance and useful advice.

Abstract

This thesis deals with extended HTTP network flows and their application for the detection of various attacks and anomalies on the network. It highlights advantages of extended HTTP flows on chosen attacks, it implements and tests existing detection methods and suggests numerous improvements. Furthermore, the thesis analyses the User-Agent request header in detail. It describes possibilities of how this field can be used for anomaly detection and explains problems related to User-Agent analysis.

Keywords

Flow monitoring, HTTP, Anomaly detection, User-Agent, Brute-force attack, SQL injection

Contents

1 Introduction
2 HTTP
    2.1 Basic concepts
    2.2 URI
    2.3 Message format
        2.3.1 HTTP request
        2.3.2 Methods
        2.3.3 Response message
        2.3.4 Status code
    2.4 Architectural Components of the Web
        2.4.1 Virtual hosting
        2.4.2 Proxy servers
        2.4.3 Caching
        2.4.4 Gateways
        2.4.5 Tunnels
    2.5 Authentication and secure HTTP
    2.6 HTTP/2
3 User-Agent
    3.1 Format
        3.1.1 Non-browser
        3.1.2 Browser
    3.2 Compatibility and spoofing
    3.3 User-agents in MU network
4 Network monitoring
    4.1 Experiment setup
    4.2 Shortcomings of monitoring method
5 Network Scanning
    5.1 HTTP scanning
        5.1.1 Incoming traffic
        5.1.2 Outgoing traffic
    5.2 Directory traversal
    5.3 Summary
6 Brute Force Attacks
    6.1 Targeted authentication methods
    6.2 Attacks against HTTP based authentication
    6.3 Attacks against authentication using POST method
    6.4 Attacks against authentication using GET method
    6.5 Summary
7 Code injection
    7.1 SQL injection
        7.1.1 Basic principle
        7.1.2 Attack types
        7.1.3 Detection
    7.2 Cross-site scripting
        7.2.1 Detection
    7.3 Summary
8 User agent anomalies
    8.1 Blacklists and pattern matching
        8.1.1 Known malicious UA strings
        8.1.2 Company policies and unwanted software
        8.1.3 Code injection
    8.2 Missing User-Agent
    8.3 Many User-Agents from one IP address
        8.3.1 Outgoing traffic
        8.3.2 Incoming traffic
    8.4 Unusual User-Agent
    8.5 Discrepant User-Agent
    8.6 Summary
9 Conclusion
A List of created scripts
Bibliography

1 Introduction

HTTP is one of the most commonly used application layer protocols. Every time a person tries to display a web page in a browser, the communication is carried out by HTTP or its secure version HTTPS.
A significant part of network traffic is therefore performed via HTTP. However, everything that is frequently used is also frequently misused and HTTP is no exception. On one hand, HTTP servers are common targets of various types of attacks, for example in order to take control over the server. On the other hand, botnets often use HTTP for the communication because it is easily hidden in the rest of the network traffic. Consequently, network administrators monitor their networks to detect and mitigate this malicious behaviour.

There are two main approaches to network monitoring: deep packet inspection and monitoring of network flows. This thesis deals with the second option. Although originally flows contained only information from the 3rd and 4th layer of the ISO OSI model, extended flows also support export of the fields from application layer protocols including HTTP.

The aim of this thesis is to explore the possibilities of how HTTP fields can be used to detect various anomalies and attacks on the network. The thesis analyses chosen attack types that can be identified thanks to extended flows. It describes existing detection methods, tests them on data from the Masaryk University network and, if possible, also suggests and implements several improvements. Furthermore, the thesis deals with the HTTP User-Agent field in detail. It highlights the diversity of User-Agents, explains the problems related to their analysis and outlines possibilities of how this field can be used for anomaly detection. Every described method is also implemented and tested on real traffic.

The thesis begins with a theoretical chapter about the HTTP protocol, followed by a section dedicated to User-Agent definition. Third chapter shortly explains flow monitoring and describes the setup used for experiments. Following chapters are dedicated to various attacks and anomalies.
First of them focuses on network scanning at HTTP level, the next one describes two attacks based on code injection and possibilities of detecting them. Chapter 7 deals with brute force attacks and chapter 8 presents five distinct concepts of how to use User-Agent field for anomaly detection.

2 HTTP

The Hypertext Transfer Protocol (HTTP) represents the base protocol for accessing the World Wide Web. It first appeared shortly after Tim Berners-Lee introduced a proposal of World Wide Web in 1989. With his team at CERN, they were responsible for creation of HTTP as well as Hypertext Markup Language (HTML) [1]. Since its first documented version, HTTP/0.9, the protocol has undergone multiple important changes, but it still remains one of the most ubiquitous application layer protocols.

Despite the fact that in 2015 its newest version, HTTP/2, was published, this chapter describes the previous version – HTTP/1.1. Theory explained in the rest of the chapter is mostly based on RFC 7230 [2] defining HTTP message format and RFC 7231 [3] defining the semantics.

2.1 Basic concepts

HTTP uses a client-server model. Protocol defines syntax and semantics of the messages that a client and a server exchange in order to deliver the web page the client has requested. Clients are usually represented by web browsers, but they are not the only option. An HTTP client can also be an antivirus program checking for updates, or a web crawler that helps an Internet search engine to create its database. Among HTTP servers, the most commonly used are Apache or Microsoft Internet Information Server.

Servers store web resources. A resource can be a simple HTML file, an image or a dynamically generated content. Such objects are addressable by Uniform Resource Identifier (URI). Client initiates a connection, creates a request for an object on specified URI, and sends this request to a server.
The server retrieves the requested object from its storage and sends it back to the client in an HTTP response message.

HTTP presumes a reliable, connection oriented transport layer protocol. Therefore, HTTP does not address problems related to missing packets or their reordering because it assumes everything was delivered successfully. Normally, HTTP runs on top of the Transmission Control Protocol (TCP) and the default port is 80, but if the number is explicitly stated, any port can be used. The common alternative is 8080.

HTTP can use both persistent and non-persistent connections. In case of non-persistent connections, each request/response pair is sent over a different TCP connection. In version 1.1 of the protocol, persistent connections are the default; multiple requests are combined into a single connection in order to reduce response delay.

Another important property of HTTP is being stateless. This means that the server is not required to keep track of information about the users for the duration of multiple requests. Each request needs to be standalone and contain all important information to be satisfied [4].

2.2 URI

URI is a sequence of characters used to identify a resource. The most common type of URI is a Uniform Resource Locator (URL). It is a subset of URIs that, in addition to identifying a resource, provides the means of locating it [5]. Another option is Uniform Resource Name (URN), which does not provide a way to locate the resource – it is location independent. URNs are not widely adopted and they will not be further discussed. The thesis only focuses on URLs, and those used in HTTP satisfy the following syntax:

<scheme>://<host>:<port>/<path>?<query>#<fragment>

The scheme defines the protocol used, which is HTTP in this case. The host component identifies the server hosting the resource. It can be either in the form of a hostname or an IP address. The next field determines the port the requested server is listening on.
In HTTP, 80 is the default value. Path field specifies the location of the resource on the server. There is no official format for query component, but key=value pairs separated by ampersand (&) are commonly used.
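
The following added example (not code from the thesis) splits a URL into the components of the syntax above using Python's standard urllib.parse, applies the default port 80 when none is given, and parses the query as key=value pairs separated by ampersands. The names HttpUrl and parse_http_url and the sample URLs are constructed for illustration.

```python
# Added example (not from the thesis): decompose an HTTP URL into the
# components of the syntax given in section 2.2.
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import parse_qsl, urlsplit

DEFAULT_HTTP_PORT = 80  # default port stated in the text


@dataclass(frozen=True)
class HttpUrl:  # hypothetical container name
    scheme: str
    host: str
    host_is_ip: bool  # True when the host is an IP address literal
    port: int
    path: str
    query: tuple      # ordered (key, value) pairs, duplicates preserved
    fragment: str


def parse_http_url(url: str) -> HttpUrl:
    """Split url into scheme, host, port, path, query and fragment.

    Raises ValueError for a non-HTTP scheme, a missing host, or a port
    that is not a number in the range 0-65535.
    """
    parts = urlsplit(url)
    if parts.scheme != "http":  # urlsplit lower-cases the scheme
        raise ValueError(f"not an http URL: {url!r}")
    host = parts.hostname       # lower-cased, without the port
    if not host:
        raise ValueError(f"URL has no host: {url!r}")
    # The host is either a hostname or an IP address.
    try:
        ip_address(host)
        host_is_ip = True
    except ValueError:
        host_is_ip = False
    # Accessing .port raises ValueError for a non-numeric or
    # out-of-range port; None means the port was omitted.
    port = parts.port if parts.port is not None else DEFAULT_HTTP_PORT
    # key=value pairs separated by '&'; percent-escapes are decoded and
    # a key without '=' is kept with an empty value.
    query = tuple(parse_qsl(parts.query, keep_blank_values=True))
    return HttpUrl(parts.scheme, host, host_is_ip, port,
                   parts.path or "/", query, parts.fragment)


# Constructed sample URLs (not taken from the thesis data).
SAMPLES = [
    "http://www.example.com/index.html",
    "http://192.0.2.10:8080/search?q=flow%20monitoring&page=2#results",
    "HTTP://Example.COM?debug",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_http_url(sample))
```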