![]() Again, clearly not applicable to your situation. Script/Code Injection - providing inline scripting, references to remote files, etc.This clearly isn't happening in the provided example. Buffer Overflow - either trying to overflow the buffer on the server or within the website/application.There are two areas in which I see User-Agent strings becoming a concern: That being said, it's a value defined by the client which cannot be trusted as it's trivial to modify. Regarding your concern about the RFC, they're written as a recommendation for how the field should be used though there is little consistency between platforms. So it was likely inserted by a proxy device for tracking purposes. It doesn't decode into a human readable string. If all other traffic from this IP address is legitimate, then I wouldn't worry about the WAF rule being triggered. The user has worked around our problem by using a browser plugin to modify their User-Agent, so this is now an academic problem - but I think it's an interesting academic problem :) I'm going to add a bounty to this question, and the answer space I'm looking for is "what sort of software is putting base64 strings into User-Agents, and why? And is there any stamp of legitimacy for this practice?" Inspired by example, I googled the string and from there ended up using UA Tracker to search for base64 strings (or, the subset of them which were padded - I searched for "=)"). It's also likely the IP is the outbound side of a business class web proxy, which would explain why I see some Opera working for someone while someone else reports problems from the same IP. (As usual, contact with the end user is mediated through several parties so I can't fully trust anything I hear). It's a little odd that the user reports having tried IE but all the User-Agent strings I see appear to be Linux. I do, however, show successful connections from the same client IP with an Opera user-agent: User-Agent: Opera/9.80 (X11 Linux i686) Presto/2.12.388 Version/12.16 The site is designed for use by humans with browsers - it's not an API or anything like that - and it has been reported to me that the user has tried accessing the site with "FF/IE/Chrome" and failed. I'm trying to understand what's happening here I don't feel the WAF signature is completely out of line to object, so I'd rather not just disable it, but I haven't seen this sort of User-Agent string before so I'd rather understand better how common and/or legitimate a use case this is. Is the use of base64 strings inside a User-Agent covered by any RFCs or major vendor practices?.Is having a base64-encoded string inside a User-Agent normal or unusual?.In this case, the base64-encoded string is triggering a false positive in the WAF which thinks the User-Agent is lib In no case it should not be confused with “encryption” and “decryption” which are used to protect data, while Base64 doesn’t offer any protection.I'm having an issue with a client accessing our site, and the root cause is that the WAF (Web Application Firewall) doesn't like their User-Agent string: User-Agent: Mozilla/5.0 (X11 Linux i686 rv:34.0 C7QcSBPWTsrpX5YLvVZMqiujEZLWPtOYk3tDZ9WhW18=) Gecko/20100101 Firefox/34.0 And since we are talking about terms, remember that the conversation of text to Base64 is called “encoding” and the reverse process is called “decoding”. However, from a technical point of view, this process is called “conversation”, therefore, never call it a “Base64 translator”. Well, by and large, it really “translates” the text into another form. It may seem funny, but some people call the “Base64 converter” a “Base64 translator”. Nevertheless, if you’re missing some Base64 encoding or decoding features, please let me know. I hope that I managed to develop all the necessary converters that meet your needs. ![]() They are also simple and free, but they are sharpened for certain tasks. If so, please check the following online convertors. ![]() Perhaps this option does not suit your needs, and you want to encode text or decode Base64 using other variations of this algorithm. Please note that this Base64 converter supports only “main standard” and decodes the data in strict mode. Text Base64 Encode text to Base64 Decode Base64 to text Guru A virtual teacher who reveals to you the great secrets of Base64
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |