4] Match full Torbutton user agents.

Robert Ransom Thu, 25 Nov 2010 13:22:19 -0800

On Thu, 25 Nov 2010 18:47:07 +0000 (UTC)
[email protected] wrote:

> Author: Karsten Loesing <[email protected]>
> Date: Thu, 25 Nov 2010 19:42:49 +0100
> Subject: Match full Torbutton user agents.
> Commit: 157c0dfe0722113bef50cea73be74600bde9414e
> 
> ---
>  visitor/visitor.py |   16 ++++++++--------
>  1 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/visitor/visitor.py b/visitor/visitor.py
> index 06288b1..466bd52 100644
> --- a/visitor/visitor.py
> +++ b/visitor/visitor.py
> @@ -16,18 +16,18 @@ from cStringIO import StringIO
>  # regexes used in the script
>  IP_RE = re.compile(r'(\d+\.){3}\d+')
>  APACHE_DATETIME = re.compile(r'\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) 
> ([+-]\d{4})\]')
> -TOR_USERAGENTS = [('torbutton1_2_0', re.compile(r'Mozilla/5\.0 \(Windows; U; 
> Windows NT 5\.1; '
> +TOR_USERAGENTS = [('torbutton1_2_0', re.compile(r'^"Mozilla/5\.0 \(Windows; 
> U; Windows NT 5\.1; '
>                                                  r'[a-z]{2}-[A-Z]{2}; 
> rv\:1\.8\.1\.16\) '
> -                                                r'Gecko/20080702 
> Firefox/2\.0\.0\.16')),
> -                  ('torbutton1_2_0rc1', re.compile(r'Mozilla/5\.0 \(Windows; 
> U; Windows NT 5\.1; '
> +                                                r'Gecko/20080702 
> Firefox/2\.0\.0\.16"$')),
> +                  ('torbutton1_2_0rc1', re.compile(r'^"Mozilla/5\.0 
> \(Windows; U; Windows NT 5\.1; '
>                                                     r'en-US; 
> rv\:1\.8\.1\.14\) '
> -                                                   r'Gecko/20080404 
> Firefox/2\.0\.0\.14')),
> -                  ('torbutton1_2_1', re.compile(r'Mozilla/5\.0 \(Windows; U; 
> Windows NT 5\.1; '
> +                                                   r'Gecko/20080404 
> Firefox/2\.0\.0\.14"$')),
> +                  ('torbutton1_2_1', re.compile(r'^"Mozilla/5\.0 \(Windows; 
> U; Windows NT 5\.1; '
>                                                  r'en-US; rv\:1\.9\.0\.7\) '
> -                                                r'Gecko/2009021910 
> Firefox/3\.0\.7')),
> -                  ('torbutton1_2_5', re.compile(r'Mozilla/5\.0 \(Windows; U; 
> Windows NT 6\.1; '
> +                                                r'Gecko/2009021910 
> Firefox/3\.0\.7"$')),
> +                  ('torbutton1_2_5', re.compile(r'^"Mozilla/5\.0 \(Windows; 
> U; Windows NT 6\.1; '
>                                                  r'[a-z]{2}-[A-Z]{2}; 
> rv:1\.9\.2\.3\) '
> -                                                r'Gecko/20100401 
> Firefox/3\.6\.3'))
> +                                                r'Gecko/20100401 
> Firefox/3\.6\.3"$'))
>                    ]
>  
>


This list is not complete -- TAILS 0.5, and presumably other
installations of Torbutton 1.2.5, produce the following User-Agent
string:

Mozilla/5.0 (Windows; U; Windows NT 6.1; 
chrome://global/locale/intl.properties; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

See <https://amnesia.boum.org/security/Iceweasel_exposes_a_rare_User-Agent/>.

(Nobody should still be using TAILS 0.5, due to this and other security
issues, but your script is intended to be useful for analyzing older
logs as well as new ones.)


Robert Ransom

signature.asc
Description: PGP signature

Re: [or-cvs] [metrics-utils/master 2/4] Match full Torbutton user agents.

Reply via email to