A lot of web-focused hacking/pentest tools can choose a user-agent (UA) to send while fuzzing/scanning/enumerating, or can at least send custom HTTP headers.
By default most of the tools will send a user-agent containing their name, eg.
sqlmap will send something like
The problem is that WAFs, IPSs and other defensive security tools can
very easily use a blacklist of such user-agents to block all hacking attempts.
The good news is that if the blocking is based only on the user-agent and not
on behavior, it's also easy for offensive security professionals to send
a customized user-agent that mimics a legitimate web browser, library or other software.
But here are the difficulties we can still face:
- Very few tools (eg. sqlmap with --random-agent) have a native option to use a randomly selected user-agent. Most of the time you need to paste a string yourself.
- Searching the internet or reading a list each time we want to select a user-agent is cumbersome.
- Even when a random agent option is available, you can't natively choose between user-agent categories. You may not need an exact user-agent but may want to use a specific category, eg. cloud platform.
So I will show here how to use the randomua CLI tool to easily and quickly inject a custom user-agent, randomly chosen from a specific category, into your tools' HTTP headers.
First of all, a quick display of the help message of randomua to see the categories available.
$ randomua -h
randomua is very straightforward. Here are some basic examples of randomly generated user-agents from, respectively, the email collector, library and desktop browser categories.
$ randomua -e
Now let's see how you can inject the user-agent in some common web hacking tools: sqlmap, dirsearch, lulzbuster, ffuf, nikto.
$ sqlmap -u 'https://URL/?id=1' -p id --user-agent "$(randomua -i)"
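
Seen from the defending side, the earlier point about blocking on the user-agent alone can be checked against access logs. The following is an added example, not part of the original post: it compares a user-agent blacklist with two simple behavioural signals. The log lines, thresholds and function names are all constructed assumptions.

```python
import re
from collections import defaultdict

# Tool names taken from the post; a UA blacklist only catches clients that keep the default string.
TOOL_UA = re.compile(r"sqlmap|dirsearch|lulzbuster|ffuf|nikto", re.I)
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ \S+ [^"]*" '
                     r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def make_line(ip, path, status, ua):
    """Build one constructed combined-log-format line."""
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample data: documentation-range IPs, made-up UA strings.
BROWSER_UAS = ["Mozilla/5.0 (X11; Linux x86_64) Example/1",
               "Mozilla/5.0 (Windows NT 10.0) Example/2",
               "Mozilla/5.0 (Macintosh) Example/3"]
SAMPLE = (
    [make_line("192.0.2.10", p, 200, BROWSER_UAS[0]) for p in ("/", "/about", "/contact")]
    + [make_line("198.51.100.7", f"/item?id={i}", 500, "sqlmap/0.0 (constructed)") for i in range(6)]
    + [make_line("203.0.113.9", f"/dir{i}", 404, BROWSER_UAS[i % 3]) for i in range(12)]
)

def parse(lines):
    """Yield (ip, status, user_agent) for every line that matches the log format."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), int(m.group("status")), m.group("ua")

def flag_by_ua(lines):
    """Blacklist approach: flag an IP only if its UA names a known tool."""
    return {ip for ip, _, ua in parse(lines) if TOOL_UA.search(ua)}

def flag_by_behaviour(lines, min_requests=5, max_error_ratio=0.5, max_uas=2):
    """Flag IPs by error ratio and UA rotation, ignoring what the UA claims to be."""
    stats = defaultdict(lambda: {"n": 0, "err": 0, "uas": set()})
    for ip, status, ua in parse(lines):
        s = stats[ip]
        s["n"] += 1
        s["err"] += int(status >= 400)
        s["uas"].add(ua)
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["n"] >= min_requests and s["err"] / s["n"] > max_error_ratio:
            reasons.append("error_ratio")
        if len(s["uas"]) > max_uas:
            reasons.append("ua_rotation")
        if reasons:
            flagged[ip] = reasons
    return flagged
```

On the sample, the blacklist flags only the client that kept a tool name in its user-agent, while the behavioural check also flags the client rotating browser-like strings.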