Ua-tester – A tool for User Agent WAF,IDS/IPS, Redirection testing
UA-tester is a tool to check whether a website provides different pages for different user agents like for mobile, desktop bots etc. Well this tool also delivers a lot of information. It is basically a python script which runs through various user-agents on a specified site. It also tries various options like setting cookie, redirection, URL-stability(whether the URL expires or not) an a lot more. Now I am not sure of how this might be used as a WAF-Tester. But I think, all these options & tests you perform resemble an nmap scan. You get a lot of information on response codes,redirection, static/dynamic urls used, XSS protection, server headers etc. From those, you get to know if there is a WAF at all or what the WAF is doing to prevent from scanning their website. One cool thing is the tool gets you the MD5 of the data got from a request to the site. Changes in the hash for different user-agents indicate there are separate pages.
Syntax: uatester –u url –d <agent1> <agent2>
-u / --url Complete URL -f / --file <Path to User Agent file> / If no file is provided, -d options must be present -s / --single provide single user-agent string (may need to be contained within quotes) -d / --default Select the UA String type(s) to check. Select 1 or more of the following ↵ catagories. (M)obile, (D)esktop, mis(C), (T)ools, (B)ots, e(X)treme [!]) -o / --output <Path to output file> CSV formated output (FILE WILL BE OVERWRITTEN[!]) -v / --verbose results (Displays full headers for each check) >> Recommended --debug See debug messages (This isn't the switch you're looking for)
UA-Tester Homepage: https://code.google.com/p/ua-tester/
Lab 1: Simple Query to Google.
In this lab we are gonna check with Desktop & mobile useragents with google.
Command: ua-tester -u www.google.com -d M D
There we can see the different user agents. For each of these user agents a redirect is being done. Also check the details displayed.
More Labs Coming Soon !