Cenzic 232 Patent
Paid Advertising
web application security lab

Yet Another Way to Detect Internet Explorer

While I was playing around with some very odd security issues in Internet Explorer and Forefox, I ran accross an interesting thing that Internet Explorer exposes when it is giving certain error messages. Internet Explorer exposes a few images that allow you to see if the browser
is in fact Internet Explorer regardless of things like User-Agent spoofing. Click here to run the detection (you need JavaScript enabled).

Of course there are dozens of ways to do this but this is one I hadn’t seen before. There is another document other than res://shdoclc.dll/refresh.gif like res://shdoclc.dll/search.gif, res://shdoclc.dll/pagerror.gif, res://shdoclc.dll/back.gif and others, but you get the point. Any of them could be used to detect that the browser is Internet Explorer for targeted attacks or for simply knowing more information about the user beyond their user agent. This is yet another reason why I think users spoofing their user agent as Google to catch blackhat SEO is pretty ridiculous.

One Response to “Yet Another Way to Detect Internet Explorer”

  1. ha.ckers.org web application security lab - Archive » Detecting FireFox Extentions Says:

    […] In the same vein as the IE specific res:// URLs that can help you detect Internet Explorer, I’ve taken that detection one step further in Firefox. After discovering the issue with IETab where a user can be maliciously forced into the Internet Explorer rendering engine it got me thinking about ways to even detect that that is possible. How do you know your target is running what, and how to do you take advantage of that information. Taking advantage of it is a huge ball of wax and it completely depends on the browser plugin in question. In this case, the IETabs issue was pretty straight forward, but others may not be so straight forward, and will take a lot more time to analyze (by probably many more people than me alone). […]