[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [or-cvs] [metrics-utils/master 2/4] Match full Torbutton user agents.

To: or-dev@xxxxxxxxxxxxx
Subject: Re: [or-cvs] [metrics-utils/master 2/4] Match full Torbutton user agents.
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Thu, 25 Nov 2010 13:22:03 -0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-dev-outgoing@xxxxxxxx
Delivered-to: or-dev@xxxxxxxx
Delivery-date: Thu, 25 Nov 2010 16:22:23 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type; bh=2qFwFbCUIUQUdldPeUErATNYprIn5LJ7fbftInc++kQ=; b=VROgiBAKBxSg/i7Au2kunzK8O10mO9Dw3lYKB22wAI3FHAfWaRHNXqjirSm5BzpAIE NV1yKCgc4lfVaQIXuKUo9OycJA7W1ydERZbmPHXDp4Q5O4oi4Q/TTHAQd82F1UpRR1w5 w2hta1s/Ff5+KvPWB+WFyWT2v7S2jY2kozfQQ=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type; b=rlJ89JQfh2mBCSceQh6XdM39ZUhIJLwAuk0TK4ataw1d9qWzDYXe18f8TQXpxDG0s2 JuzufkO1+GHGdGF/G92jrrsL1cWu6T2SXlxGCSnDsDVKxxA1OkwGy4ApqYufZmGqnMpo EQS/DS/mZCDy1XOQ/VbGEiwtvrP/JNHUTC1Ws=
In-reply-to: <20101125184707.6B8315DEDB@xxxxxxxxxxxxxxxxxxxxx>
References: <20101125184707.6B8315DEDB@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx

On Thu, 25 Nov 2010 18:47:07 +0000 (UTC)
karsten@xxxxxxxxxxxxxx wrote:

> Author: Karsten Loesing <karsten.loesing@xxxxxxx>
> Date: Thu, 25 Nov 2010 19:42:49 +0100
> Subject: Match full Torbutton user agents.
> Commit: 157c0dfe0722113bef50cea73be74600bde9414e
> 
> ---
>  visitor/visitor.py |   16 ++++++++--------
>  1 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/visitor/visitor.py b/visitor/visitor.py
> index 06288b1..466bd52 100644
> --- a/visitor/visitor.py
> +++ b/visitor/visitor.py
> @@ -16,18 +16,18 @@ from cStringIO import StringIO
>  # regexes used in the script
>  IP_RE = re.compile(r'(\d+\.){3}\d+')
>  APACHE_DATETIME = re.compile(r'\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) ([+-]\d{4})\]')
> -TOR_USERAGENTS = [('torbutton1_2_0', re.compile(r'Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
> +TOR_USERAGENTS = [('torbutton1_2_0', re.compile(r'^"Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
>                                                  r'[a-z]{2}-[A-Z]{2}; rv\:1\.8\.1\.16\) '
> -                                                r'Gecko/20080702 Firefox/2\.0\.0\.16')),
> -                  ('torbutton1_2_0rc1', re.compile(r'Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
> +                                                r'Gecko/20080702 Firefox/2\.0\.0\.16"$')),
> +                  ('torbutton1_2_0rc1', re.compile(r'^"Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
>                                                     r'en-US; rv\:1\.8\.1\.14\) '
> -                                                   r'Gecko/20080404 Firefox/2\.0\.0\.14')),
> -                  ('torbutton1_2_1', re.compile(r'Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
> +                                                   r'Gecko/20080404 Firefox/2\.0\.0\.14"$')),
> +                  ('torbutton1_2_1', re.compile(r'^"Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
>                                                  r'en-US; rv\:1\.9\.0\.7\) '
> -                                                r'Gecko/2009021910 Firefox/3\.0\.7')),
> -                  ('torbutton1_2_5', re.compile(r'Mozilla/5\.0 \(Windows; U; Windows NT 6\.1; '
> +                                                r'Gecko/2009021910 Firefox/3\.0\.7"$')),
> +                  ('torbutton1_2_5', re.compile(r'^"Mozilla/5\.0 \(Windows; U; Windows NT 6\.1; '
>                                                  r'[a-z]{2}-[A-Z]{2}; rv:1\.9\.2\.3\) '
> -                                                r'Gecko/20100401 Firefox/3\.6\.3'))
> +                                                r'Gecko/20100401 Firefox/3\.6\.3"$'))
>                    ]
>  
>  

This list is not complete -- TAILS 0.5, and presumably other
installations of Torbutton 1.2.5, produce the following User-Agent
string:

Mozilla/5.0 (Windows; U; Windows NT 6.1; chrome://global/locale/intl.properties; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

See <https://amnesia.boum.org/security/Iceweasel_exposes_a_rare_User-Agent/>.

(Nobody should still be using TAILS 0.5, due to this and other security
issues, but your script is intended to be useful for analyzing older
logs as well as new ones.)


Robert Ransom

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: [or-cvs] [metrics-utils/master 2/4] Match full Torbutton user agents.
  - From: Karsten Loesing

Prev by Author: Re: [or-cvs] [tor/master] changes entry for nopublish removal in 5040c855d
Next by Author: Re: Anomos - anonymous bit torrent - using Onion Routing...
Previous by thread: Re: 0.2.3.0 as an exit: identity_digest not set
Next by thread: Re: [or-cvs] [metrics-utils/master 2/4] Match full Torbutton user agents.
Index(es):
- Author
- Thread