[or-cvs] [metrics-utils/master 2/4] Match full Torbutton user agents.

Robert Ransom rransom.8774 at gmail.com
Thu Nov 25 21:22:03 UTC 2010


On Thu, 25 Nov 2010 18:47:07 +0000 (UTC)
karsten at torproject.org wrote:

> Author: Karsten Loesing <karsten.loesing at gmx.net>
> Date: Thu, 25 Nov 2010 19:42:49 +0100
> Subject: Match full Torbutton user agents.
> Commit: 157c0dfe0722113bef50cea73be74600bde9414e
> 
> ---
>  visitor/visitor.py |   16 ++++++++--------
>  1 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/visitor/visitor.py b/visitor/visitor.py
> index 06288b1..466bd52 100644
> --- a/visitor/visitor.py
> +++ b/visitor/visitor.py
> @@ -16,18 +16,18 @@ from cStringIO import StringIO
>  # regexes used in the script
>  IP_RE = re.compile(r'(\d+\.){3}\d+')
>  APACHE_DATETIME = re.compile(r'\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) ([+-]\d{4})\]')
> -TOR_USERAGENTS = [('torbutton1_2_0', re.compile(r'Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
> +TOR_USERAGENTS = [('torbutton1_2_0', re.compile(r'^"Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
>                                                  r'[a-z]{2}-[A-Z]{2}; rv\:1\.8\.1\.16\) '
> -                                                r'Gecko/20080702 Firefox/2\.0\.0\.16')),
> -                  ('torbutton1_2_0rc1', re.compile(r'Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
> +                                                r'Gecko/20080702 Firefox/2\.0\.0\.16"$')),
> +                  ('torbutton1_2_0rc1', re.compile(r'^"Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
>                                                     r'en-US; rv\:1\.8\.1\.14\) '
> -                                                   r'Gecko/20080404 Firefox/2\.0\.0\.14')),
> -                  ('torbutton1_2_1', re.compile(r'Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
> +                                                   r'Gecko/20080404 Firefox/2\.0\.0\.14"$')),
> +                  ('torbutton1_2_1', re.compile(r'^"Mozilla/5\.0 \(Windows; U; Windows NT 5\.1; '
>                                                  r'en-US; rv\:1\.9\.0\.7\) '
> -                                                r'Gecko/2009021910 Firefox/3\.0\.7')),
> -                  ('torbutton1_2_5', re.compile(r'Mozilla/5\.0 \(Windows; U; Windows NT 6\.1; '
> +                                                r'Gecko/2009021910 Firefox/3\.0\.7"$')),
> +                  ('torbutton1_2_5', re.compile(r'^"Mozilla/5\.0 \(Windows; U; Windows NT 6\.1; '
>                                                  r'[a-z]{2}-[A-Z]{2}; rv:1\.9\.2\.3\) '
> -                                                r'Gecko/20100401 Firefox/3\.6\.3'))
> +                                                r'Gecko/20100401 Firefox/3\.6\.3"$'))
>                    ]
>  
>  

This list is not complete -- TAILS 0.5, and presumably other
installations of Torbutton 1.2.5, produce the following User-Agent
string:

Mozilla/5.0 (Windows; U; Windows NT 6.1; chrome://global/locale/intl.properties; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

See <https://amnesia.boum.org/security/Iceweasel_exposes_a_rare_User-Agent/>.

(Nobody should still be using TAILS 0.5, due to this and other security
issues, but your script is intended to be useful for analyzing older
logs as well as new ones.)


Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101125/86576f5d/attachment.pgp>


More information about the tor-dev mailing list