Ua-tester – A tool for User Agent WAF, IDS/IPS, Redirection testing

UA-tester is a tool to check whether a website provides different pages for different user agents like for mobile, desktop bots etc. Well, this tool also delivers a lot of information. It is basically a python script which runs through various user-agents on a specified site.

It also tries various options like setting cookie, redirection, URL-stability(whether the URL expires or not) an a lot more. Now I am not sure of how this might be used as a WAF-Tester. But I think, all these options & tests you perform resemble a Nmap scan.

You get a lot of information on response codes, redirection, static/dynamic URLs used, XSS protection, server headers etc. From those, you get to know if there is a WAF at all or what the WAF is doing to prevent from scanning their website. One cool thing is the tool gets you the MD5 of the data got from a request to the site. Changes in the hash for different user-agents indicate there are separate pages.

Options – UA-tester

Syntax: uatester –u url –d <agent1> <agent2>
-u / --url Complete URL
-f / --file <Path to User Agent file> / If no file is provided, -d options must be present
-s / --single provide single user-agent string (may need to be contained within quotes)
-d / --default Select the UA String type(s) to check. Select 1 or more of the following ↵
catagories. (M)obile, (D)esktop, mis(C), (T)ools, (B)ots, e(X)treme [!])
-o / --output <Path to output file> CSV formated output (FILE WILL BE OVERWRITTEN[!])
-v / --verbose results (Displays full headers for each check) >> Recommended
--debug See debug messages (This isn't the switch you're looking for)

UA-Tester Homepage: https://code.google.com/p/ua-tester/

Lab 1: Simple Query to Google

In this lab, we are gonna check with Desktop & mobile user-agents with google.

Command: ua-tester -u www.google.com -d M D
Querying Google

There we can see the different user agents. For each of these user agents, a redirect is being done. Also, check the details displayed.

Info on URL redirection Response codes etc

 

Ravi Sankar

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

7 days ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

7 days ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

7 days ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago