search

Eclipse-Community / r3dfox

r3dfox is a modern Firefox based web browser for Windows Vista & 7. SourceForge link for downloading with older browsers. https://sourceforge.net/projects/r3dfox/
https://eclipse.cx/projects/r3dfox
Other
199 stars 7 forks source link

How to effectively spoof the OS as Windows NT 10.0? #103

Closed ghost closed 2 months ago

ghost commented 3 months ago

It seems general.useragent.override is not enough. Do I need to mess with general.oscpu.override and general.platform.override, too? In case I want to spoof a non-Windows OS, for example, Android, do I need to mess with general.appversion.override, too?

p/s: The guide I'm using is for Firefox 91. I don't know if it's still the same on modern Firefox.

These are the prefs I'm going to set:

general.appversion.override 5.0 (Windows)
general.oscpu.override Windows NT 10.0; Win64; x64
general.platform.override Win32
K4sum1 commented 3 months ago

Yeah, it should just work as is from 91. I doubt the code has been touched much in the last decade.

rovickti commented 2 months ago

Had a quick look at this.

One issue is user agent includes "Windows NT 6.1", not "Windows NT 10.0" like Firefox 127. useragents.me has latest.

That's a fingerprinting issue.

For example cloudflare regards Firefox 127 with NT 6.1 as anomalous. As it does for anything rare/odd. Cloudflare does a brief check on some sites by running a script, presumably to get a unique fingerprint.

Can reproduce reliably on steamdb.info, which has cloudflare set to be sensitive : Just close browser each time to get rid of cookies etc., re-open, and go to steamdb. A script is run by cloudflare, except when a useragent switcher set to Firefox 127. Firefox fingerprinting was set to strict in case that has any bearing.

If the Windows 7 useragent is intentional, a r3dfox setting to spoof Windows 10 could help. An option to spoof Chrome would also be nice for people not familiar with user agent switchers. Firefox on mobile has that option IIRC, to get the same version of google sites served to chrome e.g. search.

Also, https://www.whatismyos.info/ goes from reporting "Windows 7" to "search bot" when using a user agent switcher to set Firefox 127. Not sure why, maybe the switcher addon.

spoof a non-Windows OS

Found CanvasBlocker, recommended addon. Blocks/randomises/fakes lot of different fingerprinting APIs, not just canvas.

See https://canvasblocker.kkapsner.de/test for lots of tests.

(oscpu and others are under the Navigator API section, which is not faked by default in the addon. Enable under API tab in settings, and "Navigator settings" > "Open", tweak or use presets.)

ghost commented 2 months ago

Upgraded to v128.0-2. I found these new user agent overrides:

general.useragent.override.discord.com -> Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0

general.useragent.override.snapchat.com -> Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

general.useragent.override.whatsapp.com -> Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0

None of them make sense. The last version of Chromium that supports Windows 7 is 109. The last version of Firefox that supports Windows 7 is 115 ESR. Btw, I'm against the idea of setting per domain user agent override in about:config.

K4sum1 commented 2 months ago

None of them make sense. The last version of Chromium that supports Windows 7 is 109. The last version of Firefox that supports Windows 7 is 115 ESR.

I just grabbed whatever and I refuse to fake 10.

Btw, I'm against the idea of setting per domain user agent override in about:config.

Well, it's either that or the website doesn't work or with reduced features.

ghost commented 2 months ago

Let the people experiencing problems with user agent set whatever user agent that works for them by installing an addon. Please don't set them by default like you are currently do. Not to mention that abusing about:config for something like that is a bad practice, you are also forcing these user agent overrides to people that don't want them!

K4sum1 commented 2 months ago

Not every user is that intelligent or willing to do that. If someone sees a website not working, I'm lucky to even get an issue report. A new user will just blame the browser and use something else.

ghost commented 2 months ago

Had a quick look at this.

One issue is user agent includes "Windows NT 6.1", not "Windows NT 10.0" like Firefox 127. useragents.me has latest.

That's a fingerprinting issue.

For example cloudflare regards Firefox 127 with NT 6.1 as anomalous. As it does for anything rare/odd. Cloudflare does a brief check on some sites by running a script, presumably to get a unique fingerprint.

Can reproduce reliably on steamdb.info, which has cloudflare set to be sensitive : Just close browser each time to get rid of cookies etc., re-open, and go to steamdb. A script is run by cloudflare, except when a useragent switcher set to Firefox 127. Firefox fingerprinting was set to strict in case that has any bearing.

If the Windows 7 useragent is intentional, a r3dfox setting to spoof Windows 10 could help. An option to spoof Chrome would also be nice for people not familiar with user agent switchers. Firefox on mobile has that option IIRC, to get the same version of google sites served to chrome e.g. search.

Also, https://www.whatismyos.info/ goes from reporting "Windows 7" to "search bot" when using a user agent switcher to set Firefox 127. Not sure why, maybe the switcher addon.

spoof a non-Windows OS

Found CanvasBlocker, recommended addon. Blocks/randomises/fakes lot of different fingerprinting APIs, not just canvas.

See https://canvasblocker.kkapsner.de/test for lots of tests.

(oscpu and others are under the Navigator API section, which is not faked by default in the addon. Enable under API tab in settings, and "Navigator settings" > "Open", tweak or use presets.)

The developer ignored your comment. He hates Windows 10+ more than he cares about his users.