What is the user agent string for surface rt? - windows-8

I'm trying to determine the user agent string for surface RT for testing purposes.

Just do some Google'ing and you will find your answer.
Internet Explorer 10 User-agent string
Internet Explorer 10 on Windows RT:
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; ARM; Trident/6.0)
Update after comment below
The link above also states:
Identifying touch-enabled systemsInternet Explorer 10 introduces the "Touch" UA string token. If this token is present at the end of the UA string, the computer has touch capability, and is running Windows 8 (or later). This UA string will be transmitted on a touch-enabled system running Windows 8. Note Internet Explorer 10 on Windows 7 will never report a UA string with the "Touch" token.
Internet Explorer 10 on Windows RT with Touch enabled:
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; ARM; Trident/6.0; Touch)
Update for Internet Explorer 11
User-agent string changes
Here is what's reported for Internet Explorer 11 on Windows 8.1:
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Here is the string for Internet Explorer 11 on Windows 7:
Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
If you compare these values to those reported by earlier versions of Internet Explorer, you'll find the following changes:
The compatible ("compatible") and browser ("MSIE") tokens have been removed.
The "like Gecko" token has been added (for consistency with other browsers).
The version of the browser is now reported by a new revision ("rv") token.

I went to a Microsoft retail location yesterday (November 13, 2012) and used IE to browse to http://whatsmyuseragent.com/ in both Metro and Desktop modes.
Here is the user agent given in both cases:
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; ARM; Trident/6.0; Touch)

For those interested. Here is the User Agent string for a Surface Pro (128Gb):
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch)

Actually, everyone is wrong. The actual user agent that comes up in metro mode is
Mozilla/4.0 (Compatible; msie 7.0; windows nt 6.2; arm; trident/6.0;
touch; .net4.0e; .net4.0c; tablet PC 2.0; Version).

This is what I get when I visit the whatsmyuseragent site:
Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; rv:11.0) like Gecko
Hope this helps.

surface RT will run only IE 10.
The User Agent string is
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; ARM; Trident/6.0)
(source: this MSDN blog entry)
This type of information is typically published well in advance of the delivery of the underlying browsers / machines, because of the interest Web Browser manufacturers have in seeing the new browsers well supported by most Web Sites.

UserAgent for devices -
IE desktop - "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko"
IE Surface Pro - "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; .NET4.0C; .NET4.0E; Tablet PC 2.0; rv 11.0) like Gecko"
Edge desktop - "Mozilla/5.0 (Windows NT 10.0; Win64; x64; ServiceUI 9) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063"
Edge surface - "Mozilla/5.0 (Windows NT 10.0; Win64; x64; ServiceUI 13) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
By looking at the above user agents we don't have any clear distinguish between desktop and surface pro for Edge(IE is having Tablet PC check available ). So here to detect the window device first(surface pro is window tablet) and then verify if the device is touch device.
window + touch: true - surface pro
window + touch: false - desktop
isSurface: function () {
// Window device Check
if(!!navigator.userAgent.match(/Win/)) {
// Check if the device is touch
return !!navigator.userAgent.match(/Tablet PC/i) || "ontouchstart" in document.documentElement;
}
}

Related

How to save whatsweb session using headless chromedriver?

whatsweb headless using chromedriver only works correctly when used user agent:
chrome_options.add_argument("user-agent=User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36")
then it works, but its asking the qr code even when I already used
options.add_argument(r"user-data-dir
when I go without headless then chromedriver recognize the user data dir, but in the headless its not working, what's the solution ?

Apache Log grok pattern

Can anybody please help with the grok pattern for below example of logs?
85.85.85.85 webmail.company.com "CN=First Last/O=Company/C=CZ" [14/Dec/2020:05:58:18 +0100] "GET /mail/User.nsf/iNotes/Proxy/?OpenDocument&Form=s_ReadViewEntries&PresetFields=DBQuotaInfo;1,FolderName;($Inbox),UnreadCountInfo;1,SearchSort;DateD,s_UsingHttps;1,noPI;1&TZType=UTC&Start=1&Count=23&resortdescending=6 HTTP/1.1" 200 2054 "https://webmail.company.com/mail/User.nsf/iNotes/Proxy/?OpenDocument&Form=l_ScriptFrame&l=en&gz&CR&MX&TSF=20170318T181650,92Z&TSX=20180206T185427,18Z&EFF=%2FiNotes%2FForms9_x&charset=UTF-8&charset=UTF-8&KIC&ua=safari&pt" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" 125 INOTES_LOGIN_ID=First%20Last; Shimmer=SI_TLM:20210209T072811%2C40Z&ST_Counter:3&LAO:mail&SAB:1&CS_TLM:20210209T072831%2C15Z&V_TLM:20210210T080147%2C82Z&DMS:5&ui:X&MOTLM:20210129T113159%2C00Z&DBQS:1503571%2C%207168000%2C%206963200%2C%200%2C%201503571&SPRKL:1&KOSCZ:GTB&FISD:1; INOTES_LOGIN_ID=First%20Last; DWAShared=0; DWAMode=0; INOTES_LOGIN_ID=First%20Last; DWAShared=0; DWAMode=0; LtpaToken2=FpoGJJz33bYLI+CtWy6OlIgoTJouNGEiduvxvQbcN8HRI7K6LThCsb1Dl8CzN72Zi05RGOUmQRMiOQcTk1norKHi6SbkEGI6GlXzjSIweBRSc8c+XPyAwA44PKPbu3WzrPfR0+uoC0sgTPvochvQ/VfPL/sSaqUFoRswRwyI+UeaOwTs/DvKiWLCpiKrVkFk3SmDjrxPBHb/WiL5nDkpp8Dsjjxnlo4vpx7BdOoVNai1jybvHkW28KXxkb21o8SSpmU7ZFdHyZFjDWCYuuCVOx7asV/q4a3lWdxlPfWdPcUguHML+xDmsrMPm6fTUSKeKIKdQEPr6VDmitBi7Z5URIlkRrUyslkTcc28y6fQir3Y20Hc9TmOvwaBlG/ehnpv; LtpaToken=0x4JJ4oWKojdqoz08Ng+MRUkkJq2vYGLGN9lp8HL8FxbD+xnivE7qzCzf92Q6x5OAPOBFRNgxd3Qg225zLwnJFWO0lGeIweH8VDgyWOMImNe6E9z9HBnQAN43vQ2uwtpv3X5E5DN0oLIPKLxAkqsHUDJqJ0SE6NZ6UnfLoR82JyjZVC/s6QEov5DNdpAY/o2Gxh0vWmE+wuQGuCh4mVCIP9KU/dbX4F0Ld9JEExzIpkdzKELibU2Akov0Krv0eWADSV++m/5ECLpaf6N6/VzkZEkt5XoOoL6OD/6ni4zojvo3O+X9Bn7Mdk2MnsQ1AccIohj5eN8Oi81QbD0a9b7jw==; ShimmerS=ET:20210210T114045%2c00Z&R:0&AT:M" "D:/Lotus/Domino/Data/mail/User.nsf"
What I would need is Client IP (85.85.85.85), VirtualHostname (webmail / webmail.company.com) , User (part after CN=, First Last), Time (14/Dec/2020:05:58:18), URL (GET /mail/User.nsf/iNotes/Proxy/?OpenDocument&Form=s_ReadViewEntries&PresetFields=DBQuotaInfo;1,FolderName; ... ) and the Device Info ( "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" )
I know it should start with below, however I can't get anyhow the User name to proceed with [%{HTTPDATE:timestamp}] and possible next would be "(?:%{WORD:verb} %{NOTSPACE:request} and not sure how to get the Device info.
Any help would be appreciated!
%{IPORHOST:clientip} %{WORD:VirtualHost} ???
Since you have customized your log format, you have to build your own grok to match the log. You can use https://grokdebug.herokuapp.com/ to debug the pattern you're going to use and you can copy some patterns from https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns
Solved:
%{IPORHOST:clientip} %{IPORHOST:destination.domain} "CN=%{DATA:username}" [%{HTTPDATE:apache.access.time}] "(?:%{WORD:http.request.method} %{DATA:url.original} HTTP/%{NUMBER:http.version}|-)?" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-) ("%{DATA:http.request.referrer}") ("%{DATA:user_agent.original}")

difference between the user agent strings

what is the difference between the following user agent strings
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; rv:11.0) like Gecko
I am currently trying to debug a JS issue specific to IE and while debugging noticed that there are these 2 varying user agent strings, for windows 10 and IE 11.
Also, additionally, the user agent some times has Gecko/20100101 like in the string Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0, does presence of Gecko/20100101 indicate that its a Desktop always?
Thanks.
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
By default, Internet Explorer 11 on Windows 10 sends the above User-Agent string:
Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C;
rv:11.0) like Gecko
By default, Internet Explorer 11 on Windows 8.1 sends the following User-Agent string:
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Internet Explorer 11 continues the IE9 tradition of exposing extensible tokens in the navigator.userAgent property but not sending those tokens in the request header. For instance, by default this property returns the following on IE11/Win8.1:
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C; rv:11.0) like Gecko
The .NET tokens here were pulled from the registry and allow JavaScript to detect that the .NET Framework is installed on the computer. (They’re a bit misleading because Windows 8.1 includes the 4.5 version of the Framework.)
More detail information, please check the User Agent and Internet Explorer 11’s Many User-Agent String.
The UA string of Firefox itself is broken down into four components:
Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefoxversion
Gecko/geckotrail indicates that the browser is based on Gecko.
On Desktop, geckotrail is the fixed string "20100101".
More detail information about Firefox user agent string, please check the Firefox user agent string reference.
Edit:
[Note] In Windows, Macintosh, Linux, Firefox for Maemo (Nokia N900), Camino on Mac, SeaMonkey on Windows, SeaMonkey on Mac and SeaMonkey on Linux, the Firefox user agent string contains "20100101".

Logstash not applying filter to Apache logs

I'me trying to parse some Apache access logs using ELK stack, but I'm having issues with logstash not applying the Apache filter i created on any Apache logs.
Here is my filter file:
filter {
if [type] == "apache_access" {
grok {
patterns_dir => ["/opt/logstash/patterns/apache"]
add_tag => ["grokked", "apache"]
match => ["messege", "%{IP:client} - - \[%{HTTPDATE:event_date}\] %{QS:first} %{NUMBER:response} %{NUMBER:bytes} %{QS:destination} %{QS:browser}"]
}
}
}
filebeat config:
filebeat:
prospectors:
-
paths:
- /var/log/apache2/access.log
document_type: apache_access
registry_file: /var/lib/filebeat/registry
Also I'm using an example log file from logz.io, it contains logs like the following:
88.114.162.149 - - [04/Aug/2016:00:00:05 +0000] "GET /item/giftcards/3802 HTTP/1.1" 200 82 "/category/books" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
156.141.192.36 - - [04/Aug/2016:00:00:10 +0000] "GET /category/toys?from=20 HTTP/1.1" 200 135 "/category/toys" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"
92.213.110.215 - - [04/Aug/2016:00:00:15 +0000] "GET /category/software HTTP/1.1" 200 108 "/category/books" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"
80.225.119.24 - - [04/Aug/2016:00:00:20 +0000] "GET /category/cameras HTTP/1.1" 200 100 "http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Cameras+Books&oq=Cameras+Books&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=2640&bih=427" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)"
208.219.150.176 - - [04/Aug/2016:00:00:25 +0000] "GET /category/software HTTP/1.1" 200 117 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
160.165.186.172 - - [04/Aug/2016:00:00:30 +0000] "GET /category/office HTTP/1.1" 200 101 "/category/electronics" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
224.150.219.97 - - [04/Aug/2016:00:00:35 +0000] "GET /category/jewelry HTTP/1.1" 200 74 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
I've check my filter in grokdebug and everything works fine there, but every time I push those logs into logstash it doesn't apply that filter, instead all logs entries have a "_grokparsefailure" tag.
Any idea what could be the issue here? I've followed several guides and still have this problem.
P.S.
I know about COMBINEDAPACHELOG but I still wanted to parse it this way for my own experience and to understand ELK stack batter.
Try to change messege to message in your grok match
change 'e' to 'a'
|
v
match => ["message", "%{IP:client} - - \[%{HTTPDATE:event_date}\] %{QS:first} %{NUMBER:response} %{NUMBER:bytes} %{QS:destination} %{QS:browser}"]

chromedriver works but "phantomjs unable to locate item using css selector"

I'm designing some end to end testing for my job, and I've got it up and running using nightwatch.js through chromedriver. However, we're looking to have this run on our servers, and so I wanted to be able to run it using phantomjs. Although the test performs without incident using chromedriver, Phantomjs yields the following error "phantomjs unable to locate item using css selector"
Any ideas? I've scoured the internet for a solution, to no avail.
First, check decates' comment here: https://github.com/nightwatchjs/nightwatch/issues/243#issuecomment-94287511
See how depending on the user-agent info passed from your browser to the site, the site returns different XHTML data? So if you want to use phantomjs, but are okay with it spoofing as a different browser via the user agent, you can configure phantomjs' user-agent capabilities, like this (spoofing Mac Chrome):
"desiredCapabilities": {
"browserName": "phantomjs",
"phantomjs.cli.args" : ["--ignore-ssl-errors=true"],
"phantomjs.page.settings.userAgent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
}
Then your tests should act the same as your other browser. Using any browser you like, you can check the user-agent string that it sends here: http://www.httpuseragent.org/. Here are some other examples:
// Mac Chrome 46
"phantomjs.page.settings.userAgent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
// Windows Chrome 46
"phantomjs.page.settings.userAgent" : "Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
// Mac Firefox 42.0
"phantomjs.page.settings.userAgent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:42.0) Gecko/20100101 Firefox/42.0"
// Windows Firefox 42.0
"phantomjs.page.settings.userAgent" : "Mozilla/5.0 (Windows NT 6.3; rv:42.0) Gecko/20100101 Firefox/42.0"
// PhantomJS 2.0
"phantomjs.page.settings.userAgent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.0.0 Safari/538.1"
I sometimes have this effect in the difference browsers, not only phantoms. The reason seemed to be that elements are not loaded at the time of evaluating for one browser (and are loaded for another). You can debug it with checking screenshots at the point of failure.
The solution for me was using waitForElementPresent/Visible.