BAS use a malformed User-Agent



  • Hey all,

    I would like to know if anyone has already investigated about the BAS user agent.

    I note a malformation of the header "user agent" generated by BAS, i subscribed to FingerprintSwitcher, i tested thousands of different fingerprints, it seems that the problem is on BAS side, even to modify the header manually ( in BAS ...) there is always a malformed "user agent" header, you can do your test with http://f.vision/, here is the BAS User-Agent :

    alt text

    All the tests give the same result, with sometimes exception whit the user agent of Microsoft Windows Phone (chosen in FingerprintSwitcher) for this one the header is well formed, all combination with "windows/firefox,/chrome" returns a bad User-Agent.

    Does anyone have a technical explanation in order to think about a possible workaround ... i already try to apply a new "User-Agent" after applying the fingerprint, always the same problem , it's malformed

    needless to say, f.vision give a User-Agent well formed from a real navigator ....

    I'm badly surprised that a tool so powerful as BAS have such a flaw for the User-Agent, which is by far the least complicated to implement in automation scripts compare to the other very efficient option from BAS.

    thank you all



  • @jonigood, Standard chrome
    c6df0787-a07c-46a9-bc14-3e6bfb802ecf-image.png



  • @GhostZ, thank you, actually same result with you,

    I tried with other automation bot, I don't have this problem ...



  • Bablosoft team do not plan to fix this bug ?
    Can we report this bug ?

    Whit the premium license, would I have access to the BAS source code ? changes source code at the user agent level is possible ?

    thank you.



  • @jonigood, error in the site and not in the BAS...



  • @jonigood, Fingerprint + old user-agent = No error, test project > ua_test.xml

    019e6fc0-84a5-4a42-92ab-c52c0963c126-image.png



  • @GhostZ , yeh, only with a real chrome browser wee get a false positive on http://f.vision/ , however for firefox i get well :

    alt text

    still firefox from another machine:

    alt text

    And firefox from BAS :

    alt text

    What do you think about it ?
    thanks



  • @GhostZ said in BAS use a malformed User-Agent:

    old user-agent

    ok, interesting, i do some tests and I come back to you
    thanks



  • @GhostZ , how do you filtre old browser ?

    • Minimum added date
      I think it talks about the date of addition, no certainty about the version

    • Minimum browser version
      I can't find the inverse option, "Maximum browser version ?"

    thank you



  • @jonigood, download the project that I attached



  • @GhostZ , yeh i just understand ....

    thank you ;)



  • @GhostZ , hi

    It is not at all a question of old user-agent, it is only about the user agent of edge which work (old or new is same), the user-agent which you put in your example is a user-agent of edg , for chrome and firefox NO one user-agent works, old or new, for proof here are some tests:

    firefox, verry old user-agent (do not work) :

    Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5
    

    chrome, verry old user-agent (do not work) :

    5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19
    

    edge, verry old user-agent (WORK) :

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
    

    edge, new user-agent (WORK) : :

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19582
    

    in no case can we accuse f.vision of false positive for firefox result, because all the tests with real FIREFOX browser pass well, never pass with BAS and firefox UA

    conclusion, there is a problem of user-agent with BAS, it would be necessary to report the bug, thank you.



  • @jonigood, what difference does if in a real browser chrome writes that a fake user-agent, while chrome is the most popular browser



  • This a non-evolving way of thinking, the subject of the discussion is oriented on the fact that BAS is an automation tool which should accurately replicate the characteristics of a real browser, we simply observe that one of the functions of BAS (user -agent) does not react as it should, it doesn't matter if f.vision gives a fake also with real Chrome, the fact that we have different results on all other browsers shows that something is not working as it should be, it is undeniable

    in a large scale production environment, having the ability to only one kind of user-agent is simply impossible.

    You can do a test with our dear friend google with Recaptcha API (recaptcha__en.js), which unfortunately gives a poor score to BAS whit any user-agent other than edge :

    https://recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php

    Whit a real browser whit get 0.7

    Whit base wee get 0.1:

    alt text

    This low score surely does not come only because of a possible (or not...) problem of user-agent whit BAS, but it is certainly part of it ...

    the same test with BAS and an EDGE User-Agent we get a better score, 0.3 .... :

    alt text

    f.vision is therefore not false, only the User-Agent of edge which are not detect whit BAS for the moment ...

    thank you


Log in to reply