

Change the Remoting User-Agent string?

Brian Anderson - 21 Dec 2004 20:45 GMT
Hello,

A Client using HTTP-Binary sends a User string like this to the server:

Mozilla/4.0+(compatible;+MSIE+7.0b;+Windows+7.0.1942.0;+MS+.NET+Remoting;+MS+.NET+CLR+3.0.1942.7528+)

Now I wonder if it's possible to override this string with something shorter
like "MyTool 1.0a".

It seems that in System.Remoting.dll the constructor of this string is
hardcoded and not accessible :(

<snip>
// transport sender sink used by HttpClientChannel
internal class HttpClientTransportSink : BaseChannelSinkWithProperties, IClientChannelSink
{
    private const String s_defaultVerb = "POST";

    private static String s_userAgent =
        "Mozilla/4.0+(compatible; MSIE 6.0; Windows " +
        "; MS .NET Remoting; MS .NET CLR " +
        System.Environment.Version.ToString() + " )";
</snip>
Sam Santiago - 23 Dec 2004 22:33 GMT
I guess the bigger question would be why do you want to do this?

Thanks,

Sam

Signature

_______________________________
Sam Santiago
ssantiago@n0spam-SoftiTechture.com
http://www.SoftiTechture.com
_______________________________

Brian Anderson - 24 Dec 2004 10:31 GMT
Think about what kind of information is given from the Clients to the
Server:

Mozilla/4.0+(compatible;+MSIE+7.0b;+Windows+7.0.1942.0;+MS+.NET+Remoting;+MS+.NET+CLR+3.0.1942.7528+)

Everybody who intercepts this string can run fine-tuned attacks against the
client as he knows quite well what is going on.
Today, you won't give out any information about yourself if you don't have
to.
You might even have signed a paper with your customers that disallows your
Remoting Client to transmit any internal information into the outside world.
Giving detailed info about the Client OS IS internal information.
When I pass the default User-Agent string, it's kind of spying out my
customers and it's completely useless to transmit this string in normal
Remoting scenarios.

Hiding this string and telling the Server + Client to pass only strings like
"MyTool Client 1.0" or "MyServer 1.0" helps to make the communication a bit
more stealthy.
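
An added illustration of the disclosure discussed in the post above (not code from the thread or from the .NET Framework): a small Python audit that lists which machine-describing fields a logged Remoting User-Agent carries, next to a short product-only string. The log layout, the `/Service.rem` path and the 192.0.2.x addresses are constructed for the example.

```python
import re

# Tokens inside the parentheses of the default Remoting User-Agent, and what
# each one tells a reader of the header about the client machine.
DISCLOSING = {
    "browser_token": re.compile(r"^MSIE (?P<v>[\w.]+)$"),
    "os_version": re.compile(r"^Windows\s*(?P<v>[\w.]*)$"),
    "remoting_marker": re.compile(r"^MS \.NET Remoting$"),
    "clr_version": re.compile(r"^MS \.NET CLR (?P<v>[\d.]+)$"),
}

# Constructed sample log (layout, path and addresses are made up); the
# User-Agent is the last field, with '+' standing in for spaces as in the post.
SAMPLE_LOG = """\
2004-12-21 20:45:01 192.0.2.10 POST /Service.rem Mozilla/4.0+(compatible;+MSIE+7.0b;+Windows+7.0.1942.0;+MS+.NET+Remoting;+MS+.NET+CLR+3.0.1942.7528+)
2004-12-21 20:45:07 192.0.2.11 POST /Service.rem MyTool+1.0a
"""

def parse_user_agent(raw):
    """Return {field: value} for each machine-describing token in a UA string."""
    ua = raw.replace("+", " ").strip()
    inner = re.search(r"\((.*)\)", ua)
    if not inner:
        return {}  # e.g. "MyTool 1.0a": product name only, nothing to report
    found = {}
    for token in (t.strip() for t in inner.group(1).split(";")):
        for field, pattern in DISCLOSING.items():
            hit = pattern.match(token)
            if hit:
                # Tokens without a version (or with an empty one) are recorded as present.
                found[field] = hit.groupdict().get("v") or "present"
    return found

def audit(log_text):
    """Map client address -> disclosed fields, for clients whose UA leaks any."""
    report = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue  # not a request line in the constructed layout
        leaked = parse_user_agent(parts[-1])
        if leaked:
            report.setdefault(parts[2], {}).update(leaked)
    return report

if __name__ == "__main__":
    for client, fields in audit(SAMPLE_LOG).items():
        print(client, fields)
```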

Ken Kolda - 27 Dec 2004 16:17 GMT
If you're worried about this level of stealth and the possibility of
snooping, you're certainly using SSL to encrypt the transmissions. In that
case, the User Agent string is as protected as any of the rest of the HTTP
communication from eavesdropping.

Ken
