Cenzic 232 Patent
Paid Advertising
web application security lab

IE7.0 Detector

I wrote a cheezy little tool tonight to detect if users are using IE7.0 or not using the res:// handler. Basically it just checks to see if one of the buttons used in the anti-phishing filter are there. If so you have IE7.0. If not, you are using another browser. Firefox for instance drops a security warning when using a res:// location but also replaces the image with a default broken image, which we can detect.

The broken image in Firefox actually has a size, which we can detect (instead of giving an error when I attempt to access the image - which I could still probably get around by measuring the width of something that surrounds it most likely). Anyway, with a small hack I can now test if the user is using IE7.0 regardless if they are spoofing their user agent. Tis a minor issue.

6 Responses to “IE7.0 Detector”

  1. kuza55 Says:

    While this may have some uses I can’t foresee, I’ve long since stopped really being particularly interested in new ways of determining what type of browser is actually viewing your page, simply because there are already so many methods out there. Its as simple as finding javascript objects or using one of the vectors on the cheat sheet which works in IE 6, but not in 7 (or vice versa), and one which works only in IE, but in either 6 or 7.

    P.S. When I click on the link to the tool it just redirects me back to http://ha.ckers.org/

  2. RSnake Says:

    Whoops, yes, sorry, broken link fixed.

    But part of the reason it’s so easy is because of the sheer variety. And what we haven’t done a particularly good job of is cataloging all the possibilities of each browser variant. Anyway, take it or leave it.

  3. Edward Z. Yang Says:

    Maybe you should cook up a browser-detection cheat-sheet, ala the XSS cheat-sheet. Sounds awfully like a Quirks Mode style endeavor though.

  4. SystemOfAHack Says:

    As said, there are a lot of detection methods, just last night I was playing around with a file I named &amp;.bmp and realised using an HTML file containing <img src="&amp;amp;" ><img> would access it in FF2 but not IE7, which is odd because when I checked the properties (image source) in IE it actually said &amp;.bmp

    Anyway yes, I think a browser detection cheat-sheet is a good idea, could be useful, and of course, methods of detection can go a lot more deeper than just “IE” or “FF”, such as what version, plugins (perhaps), etc. Think about it :p

  5. SystemOfAHack Says:

    …erm screwed up the closing img tag (missing a slash), it’s tricky double-html-entity-encoding characters…

  6. SystemOfAHack Says:

    Oh, ffs I missed the .bmp from the end of the source too… fscking wordpress lawl.
    <img src="&amp;amp;.bmp" />
    [let’s hope that shows up right…]