TL;DR: Safari on Desktop sent a single request with an iPhone user agent and without cookies, and we don't know why. It uses FOUR different user agents.
I was using Safari 16.1 on macOS Ventura 13.1 to test a website that I built.
I found a strange request with an iPhone User Agent string in the server access log.
This request did not include any cookies, causing my session to end.
I am convinced that the request came from my browser because:
It is from my IP address, and I'm the only one here.
The request was 1 second before a request that I know I made, for the same URL.
The URL is several steps into a checkout process, so it is unlikely to be reached any other way (e.g. bots).
Requests before and after it had my expected desktop user agent (see screenshot).
But what is strange is:
There is only one request logged with the iPhone user agent string.
There are no iPhones or other Apple devices at this IP address, just a MacBook Air.
Safari can emulate other user agents, but I have never used that feature in Safari.
I did have the Safari Web Inspector open at the time, to watch a cookie.
The URL outputs some content with a JavaScript redirect, so it is actually not possible to stay on it to refresh it.
So why did desktop Safari change the user agent string to iPhone for a single request?
Is there some keyboard shortcut for switching user agent that I could have pressed accidentally?
Or is this a known behaviour of Safari? (like this other surprising user agent change)
UPDATE: During a short session, after updating to macOS Ventura 13.2 and Safari 16.3, Safari used 4 different user agents.
1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15"
2 "Safari/18614.4.6.1.5 CFNetwork/1404.0.5 Darwin/22.3.0"
3 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko)"
4 "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1"
(1) is the main user agent reported by most tools.
(2) requests apple-touch-icons, and I understand it.
(3) is a little shorter than the main one, and made only 3 simultaneous requests at the start of my session.
(4) contains "iPhone", and made 3 simultaneous requests at the same time as (3).
Related
I have Google Chrome Browser running version 89.0 The user agent of my browser displays the following string:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36
What does each field in the above syntax format represents ?
It’s entirely arbitrary what you put in the user agent field so there is no standard as to what format to use.
Saying that, for historical reasons, browsers like to claim to be lots of different browsers. Great post on that here: https://webaim.org/blog/user-agent-string-history/
This was mostly because some sites would use the user agent to guess the capabilities of the browser asking for a page and try to serve different versions depending what that said.
This was fraught with problems (hence why browsers had to pretend to be other to avoid getting a substandard page) and there are now much better ways to feature detect on the client side in CSS and JavaScript.
Additionally there are privacy issues with having such a specific version as with, along with just a few other items to make it more unique, it’s pretty easy to track individual users.
On the server side, User Agent Client Hints will allow a browser to tell the site what it supports, rather than a site guessing based on the user agent. Much more accurate and future proof.
Chrome has even said to it intends to freeze the user agent at some point to stop people depending on it. So I wouldn’t build anything depending on it.
I am running some headless tests with Selenium & firefox to login to some website. If I switch between separate firefox profiles in the same browser to login to separate accounts on the website is there any way besides IP tracking to track my connections and find out it's all on the same machine (on which the Selenium script is running)?
What I am doing:
profile = webdriver.FirefoxProfile('path/to/profile1')
driver = webdriver.Firefox(profile)
driver.get("website.com")
#connect as user1 on website & do stuff...
driver.quit()
profile = webdriver.FirefoxProfile('path/to/profile2')
driver = webdriver.Firefox(profile)
driver.get("website.com")
#connect as user2 on website & do stuff...
driver.quit()
EDIT: In other words, Given the code above and excluding IP tracking can website.com figure out that the accounts user1 and user2 are actually on the same machine(hence one person with 2 accounts) ?
Multiple Firefox profiles
A profile in Firefox is the collection of settings, customizations, add-ons, and other personalizations that a user has made or installed into their copy of Firefox.
Reasons to have multiple profiles
The casual user may want to have different profiles for different family members. Having different profiles would allow each person to have his or her own set of bookmarks, settings, and add-ons.
Web developers might want a secondary profile for testing websites, apps, or other projects on different Firefox channels. For example, you might want to have some extensions installed for Web development, but not for general-purpose Web browsing.
For QA, testing, and bug triaging contributors, you may want to have multiple development versions of Firefox installed, each with its own profile. Creating new profiles for testing can keep you from losing your preferences, bookmarks, and history. It takes little time to set up a new profile, and once it is complete, all of your Firefox versions will update separately and can be run simultaneously.
Bursting the Myth
So multiple instances of Firefox Browser Clients with multiple Firefox Profiles can be run simultaneously. So your assumtion of ...If I switch between separate firefox profiles in the same browser to login to separate accounts... is incorrect. The Web Browsing Client variant might be same i.e. Firefox but each of them will inherit different set of preferences, bookmarks, and history.
User Agent
Your User Agent tells every site you visit what browser you're using. Sites are able to detect your UA and redirect to a more fitting page for your browser if desired. In other words, if you go to a site with this detection in place from a mobile phone the site might detect you are a mobile user via the UA and redirect you to their mobile site if available. This doesn't work on all sites becuase not all sites have UA detection in place.
UAs also tell the sites you're visiting some browser related software which you may have installed. For example, this UA:
(Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.21022; .NET CLR 1.1.4322; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0;)
Tells us that the visitor is using Internet Explorer 8, Windows Vista, has Media Center PC 5.0 installed, Office Live Connector, etc. So if we had a special section for Vista users, we could redirect this person based on the Windows NT 6.0 string to a sub section in our site related strictly to Vista. On the other hand, this User Agent:
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Tells us the visitor is using FireFox 3.5.3 and Windows Vista. Not much else.
Having the knowledge from above, User Agent Spoofing is used by many programmers that don't want people to know how they're getting to the site(s). Some programmers will find legitimate UAs and program their script to use such UAs. UAs can be blank, or contain custom information like a URL to a site that might promote a particular browser or script.
Update
As per your question update ...can website.com figure out that the accounts user1 and user2 are actually on the same machine... I am not sure if User Agent carries the Browser Profile information. However based on the different User Agents different parameters can be extracted. As an example, for a user-agent string e.g.:
Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Different User-Agent detection library thinks as follows:
According to useragent v2.1.9:
ua
rawUa: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
string:
family: Chrome
major: 70
minor: 0
patch: 3538
device: Other 0.0.0
os
string: Windows 8 0.0.0
family: Windows 8
major: 0
minor: 0
patch: 0
According to ua-parser-js v0.7.11:
ua
ua: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
browser
name: Chrome
version: 70.0.3538.102
major: 70
engine
name: WebKit
version: 537.36
os
name: Windows
version: 8
device
model: undefined
vendor: undefined
type: undefined
cpu
architecture: amd64
According to platform.js v1.3.3:
ua
name: Chrome
version: 70.0.3538.102
layout: Blink
os
os: Windows 8 64-bit
device
product:
manufacturer:
description: Chrome 70.0.3538.102 on Windows 8 64-bit
Hi i'm developping an ionic 3 app and i'd like to know the version of Safari used in iOS simulators, anyone know how to get it ?
Do you want to know the user agent string? You can grab it by visiting one of many sites, eg: http://www.whatsmyua.info?
There's a great listing of Safari user agents at:
https://developers.whatismybrowser.com/useragents/explore/software_name/safari/
You can sort by version number, operating syste (OS X/iPad/iPhone etc)
iPhone simulator user agents will have the iPhone Simulator fragment in them, for example:
https://developers.whatismybrowser.com/useragents/parse/18845-safari-ios-iphone-webkit
Mozilla/5.0 (iPhone Simulator; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3
I wouldn't really want to bother you here, but as I don't have a mac I cannot test this.
I made a browser sniffing class (I know it's bad but it works well and is not the point).
This all works fine, however my colleague said there was a bugg on a website I recently did.
All I would like to know / see is if there is a link to any website that has the Safari 7 useragent string documented / raw or if someone could post the Safari 7 UA string here ($_SERVER['HTTP_USER_AGENT'] in PHP).
I checked for this on google and websites as useragentstring.com, but cant get the UA from there either.
Thanks in advance.
Found it:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.71 (KHTML, like Gecko) Version/7.0 Safari/537.71
When someone accesses a site via a WebView in an iPhone app, is there a reliable way (JavaScript or server-side) to tell what app is being used? It seems like the user agent string can tell me if it's from Safari or not, but not what precise app is being used if it's not Safari, unless a custom user agent has been specified by the app's programmer (which is not often).
I'd like to be able to tell more precisely what exact app is being used in order to serve [slightly] customised content. The identifier doesn't need to be human-readable, just app-sepcific (so e.g. a bundle ID would be fine).
Example (and not useful) user agents:
From Safari: "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_2 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7D11 Safari/528.16"
Most Apps:
"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_2 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Mobile/7D11"
I tried to write just "Nope", but answers are required to be at least 15 characters long...