Making Firefox pretend to be IE (user agent spoofing)

Posted on By Mark Wilson
This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Our corporate intranet doesn’t always play nicely with browsers that it doesn’t recognise. I’ve previously written about making Internet Explorer (IE) 7.0 pretend to be IE 6.0 but today I needed to change the behaviour of Firefox 1.5 to trick the intranet into thinking I’m using IE (I have IE installed, but as its not my default browser, clicking a link in an e-mail, for example, opens in Firefox), thus avoiding messages like the following:

Browser requirements
Internet Explorer 4 (or later) is required
Your current browser, Default 0.0, does not support the features and security requirements of this site

Thankfully, John Bokma’s article on changing the user agent in Firefox answered that question for me and after I’d entered a new general.useragent.override string in my about:config page everything jumped into life. For reference, my original (Firefox) user agent string was:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
and the override (mimicking my Internet Explorer configuration) is:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)

If you want to check your string, there’s a history (including why Microsoft Internet Explorer user agent strings pretend to be Mozilla) and detection script on Dan Tobias’ Web Tips site. Further information (including common user agent strings) can also be found on Wikipedia.

On a slightly different note, whilst I was researching this, I stumbled across an article on how to make Firefox look like Internet Explorer (i.e. visually, not programmatically).

New features for the MSN toolbar

Posted on By Mark Wilson
This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Last week, Paul Thurrott reported in the Windows IT Pro magazine network WinInfo Daily Update that MSN have begun beta testing of an add-on for the MSN toolbar called roaming favorites, allowing users to manage, search, and access Internet Explorer (IE) favorites whatever PC is in use, as long as it has the MSN toolbar installed (favorites are synchronised with to a central server, accessed from anywhere on the Internet using a Passport logon).

It sounds great (I’ve been thinking of writing a set of scripts to do this for me for some time now as I use at least 3 PCs and start.com didn’t really work out for me as a kind of web-based home page), but I do wish it didn’t rely on the MSN toolbar – why can’t it be a feature within IE7 (for once, one which Microsoft might have thought up themselves).

Meanwhile, in a separate update, Thurrott reports that another piece of new functionality that is intended for IE7 will also be available for IE6 users (again in the MSN Toolbar) – Microsoft’s phishing filter, a feature that helps protect users from scam websites.

Both features sound great, but I’d much rather them available as a download for all Windows XP users without needing the MSN toolbar. On the other hand, it’s only a matter of time before Google (my preferred toolbar) integrates a similar feature…

Making IE 7 look like IE 6 to get around website restrictions

Posted on By Mark Wilson
This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I just picked this up via Rory Street and although I haven’t tried it, it certainly looks interesting for those who are having problems accessing websites which check the browser version when using the Internet Explorer (IE) 7.0 beta

Mark Harrison has a post on his blog which talks about changing the IE7 user agent string so that websites think you are using IE6 (a tip from the IEBlog). He also has links to scripts to switch the associated registry setting.

MSI package for Mozilla Firefox 1.0

Posted on By Mark Wilson
This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Back in February, I posted a blog entry about installing applications silently (or at least quietly), e.g. as part of an unattended build process. Thomas Lee added a comment about WIX (Windows Installer XML), which I had not mentioned because at the time I was hoping to find some time to review WIX myself; although Thomas’ blog probably has some more information on the subject.

One of my “problem applications” when it come to automated builds is Mozilla Firefox, which for some reason doesn’t seem to support a silent installation (or didn’t last time I looked). Well, today I found the YVG Software Services Mozilla Firefox 1.0 installer – so now you can get a copy of Firefox packaged in Windows Installer (.MSI) format.

More on WPAD

Posted on By Mark Wilson
This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Last week I blogged about configuring WPAD for Internet Explorer clients. Since then I’ve come across some more information that might be useful:

Configuring web proxy auto discovery for Internet Explorer clients

Posted on By Mark Wilson
This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Over the last few weeks, I’ve been looking at using web proxy auto discovery (WPAD) to let a client’s PCs automatically discover the location of their Microsoft ISA Server 2000 web proxy servers through the Internet Explorer client. Note that WPAD is used by web proxy clients and firewall clients use winsock proxy auto detection (WSPAD).

Microsoft knowledge base article 296591 gives background information on WPAD (for WSPAD see Microsoft knowledge base article 260210) but basically, what is involved is:

  • A properly configured web proxy client (i.e one which has automatically detect settings checked in the Internet Explorer LAN connection settings) queries the DHCP server for option 252, which identifies an HTTP address for a file called wpad.dat which is ISA Server’s dynamically generated proxy auto configuration (PAC) file.
  • If a DHCP server does not respond with option 252, the web proxy client attempts to access http://wpad.domainsuffix:80/wpad.dat (or http://wpad.domainsuffix:80/wspad.dat for the firewall client). To locate this URL, the remote client queries its configured DNS servers for wpad.domainsuffix – obviously issues with incorrectly configured domain suffixes will prevent automatic discovery from working. Microsoft knowledge base article 307502 also indicates that the WPAD address is case sensitive.

It should be noted that WPAD is not supported for clients that connect to the LAN with any type of dial-up connection.

To set up WPAD, three steps are involved, as detailed in Microsoft knowledge base article 309814 (Windows 2000) and Microsoft knowledge base article 816320 (Windows Server 2003):

  • The web proxy servers must publish automatic discovery information (which might require the web proxy service to be restarted).
  • DHCP (and optionally, DNS) needs to be configured to send the WPAD URL to the web proxy client (as detailed in Microsoft knowledge base article 252898).
  • Finally, the clients need to be set to automatically detect settings.

    • We planned to roll out WPAD on a site-by-site basis, using DHCP (adding a DNS entry would affect all clients) and everything looked good using DHCP alone (no DNS installed) in my test environment; however the existing route used for production clients to access the Internet is direct via the firewall, and so the clients failed to use the DHCP-assigned WPAD information as the direct path was working (that’s the theory – it is difficult to diagnose the DHCP traffic to that level of certainty, other than using a network monitor and examining packets).

    One possibility for the failure is described in Microsoft knowledge base article 312864 but I could not replicate this behaviour in testing and as it is only linked from the Windows Server 2003 version of the knowledge base article describing configuration of firewall and web proxy client auto discovery, I am not convinced that the article applies to clients using Windows 2000 DHCP servers.

    The current plan is to use a group policy object, filtered by group membership, to manipulate client proxy settings and use http://proxyarray.domainname.suffix/wpad.dat as an automatic configuration script. This has the advantage that we can control who can access the Internet (take a user out of the group to remove their proxy access – once the direct path has been removed), but does not use WPAD at all.

    One comment which my client made was that the wpad.dat file which ISA Server uses looks complex compared to the .PAC files used by the parent company’s web proxy servers. We could have used a simple .PAC file, but the major advantage of wpad.dat is that it is updated dynamically to reflect changes in the proxy server configuration.

    Internet Explorer displays credentials in status bar when used as an FTP client

    Posted on By Mark Wilson
    This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

    A couple of weeks back, one of my clients pointed out that when he opens files from an FTP site using Internet Explorer (IE) as an FTP client his user name and password is displayed in the status bar at the bottom of his browser window.

    FTP credentials visible in IE status bar

    I seem to have the same problem with various flavours of Windows (2000, XP and 2003), a variety of IE patch levels, and can repeat it against both Unix and Windows-based FTP servers. I’ve not been able to test with older browser versions but as IE6 is the current version, this is my main concern.

    One would think that there would be loads of information out on the ‘net about this but I can’t find much at all (except some reference to the issue in an internetfixes.com tip), which seems to suggest IE6 SP1 fixed this strange behaviour. Indeed, I built a PC with Windows XP SP1 (slipstreamed) and the issue was not there; however it reappeared after I upgraded to Windows XP SP2. I know the password will always be passed over the wire in clear text, and that RFC 2396, which defines the generic syntax for URIs (specifically section 3.2.2) recommends against the use of the format “user:password” in the userinfo field of the URL, but that’s just the way that FTP has been implemented! All I want to do is to prevent IE from displaying it in the status bar. As for ISA Server capturing the details in the proxy server logs… well that’s a whole new can of worms.

    The strange thing is that a colleague who is using the same Internet Explorer version as me (6.0.2900.2180.xpsp_sp2_gdr.050301.1519 at update version SP2) can not repeat the issue.

    It doesn’t help that IE version numbers don’t seem to increment as patches are applied. There is an interesting discussion of the merits of the Microsoft IE version number approach vs. the Mozilla Firefox approach in the comments to the April IE Security Update is available post on the IEBlog, and for anyone searching for information on the various versions of IE, the version numbers and associated Windows operating system version are all listed in Microsoft knowledge base article 164539. What I can’t find is any information on the fixes which update the last portion of the version number (i.e. from 6.0.2900.2180.xpsp_sp2_rtm.040803-2158 to 6.0.2900.2180.xpsp_sp2_gdr.050301.1519), although Microsoft knowledge base article 824994 does describe the significance of release to manufacturing (RTM), general distribution release (GDR), service pack (SPX) and quick fix engineering (QFE) software update packages and there is an article about the package installer (formerly called update.exe) for Microsoft Windows operating systems and Windows components in the Microsoft Windows Server 2003 TechCenter, which describes the multiple-branch-aware structure used for Microsoft patches.

    I’ve spent hours loading patches one by one onto a client to see if the issue is resolved as a side-effect of a posted hotfix but can’t seem to get anywhere on this. The only answers I hear are “use the insert product name here FTP client” (incidentally, my preference is FileZilla) or “use SFTP”. What I’d like to hear is “apply Microsoft update xxxxxx“.

    The wonderful thing about web standards

    Posted on By Mark Wilson
    This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

    Alex and I were having a rant discussion a few days back about web standards after I pointed out to him that Firefox and Safari not being able to supply login credentials within a URL meant they were not RFC-compliant in this respect (and he accused me of being sponsored by Microsoft)!

    I know that there are many pieces of Microsoft software where the standards have been “extended” or “enhanced” and this week I heard that they are going to extend RSS when it is integrated into the next version of Windows (codenamed Longhorn); but we had both hoped that the Mozilla browsers would be better in this respect (in general, they are).

    I like Firefox. In fact the only reason that I’ve gone back to Internet Explorer (IE) is that a huge number of websites (about 10% according to IT Week) only work properly with IE and some mis-identified Firefox as a very old Netscape browser. Now that IE’s market share has slipped to about 85% and Firefox is gaining momentum, all we need to do is to persuade web designers to code sites to work with all common browsers.

    It would be so much easier for web designers, IT administrators, and IT architects alike if all browsers complied with standards. In another IT Week article, Bill Pechey highlights a UK government department of trade and industry (DTI) report that suggests standards promote healthy growth.

    I’m hoping that Microsoft’s forthcoming IE 7 browser will be fully web standards compliant (and if it has to support Microsoft-proprietary extensions as well then that is fine as long as it can properly render standard pages). That remains to be seen but meanwhile it’s good news that Microsoft is collaborating with the Web Standards Project to promote open standards.

    Get Firefox!

    (and just to show that I’m not biased…Internet Explorer).

    Supplying logon credentials within a URL

    Posted on By Mark Wilson
    This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

    Alex e-mailed me earlier and told me that the RSS feed on my family blog was broken. Actually, I’d password protected the site, and forgotten to update the details in Feedburner (which translates Blogger’s Atom output to RSS for me). I couldn’t find any fields in the feed service settings to supply username and password credentials until an unusually helpful error message suggested that I should enter the URL as http://username:password@domainname/document.extension.

    I knew that particular syntax worked for FTP, but not for HTTP too! Of course, if I was really that bothered about security I should secure the site using HTTPS, but in this case, the username and password is only a deterrent and there’s not really anything there that needs SSL security.

    Getting AOL broadband to work on a Mac: part 2

    Posted on By Mark Wilson
    This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

    Last week I blogged about my neighbour’s problems setting up his iMac G5 to use AOL broadband. Since replacing the ADSL modem with a router he is back online, but last night we spent some time sorting out a few remaining items: transferring data; installing a printer; configuring email; and working out why some web pages refuse to load in the Safari browser.

    The first two items were straightforward enough (he had an external disk which was handy for the data transfer and the OS X version of the drivers for his printer were downloaded from the ‘net), but for e-mail it’s worth knowing that AOL doesn’t use port 25 for outgoing SMTP – I found an article on sending and receiving AOL e-mail via other applications, which highlights that the SMTP port is 587 (not the standard 25) and that authorisation is required.

    Finally, Safari was consistently refusing to load pages from some major websites (but working for others). I had thought of installing Microsoft Internet Explorer 5 for Mac OS X; until Stuart recommended that I installed the OS X version of Firefox, which seemed to cure the problems with browsing.