Spoofing User-Agents: A neat trick to outsmart Microsoft
It all started when Microsoft wouldn’t let me download Windows (no, really)🪟.
I was trying to download an authentic Windows 10 ISO file from Microsoft (which I had obviously done before). So I got to the site and found out I could only download the tool to create a Windows installation media. Just to be sure I hadn’t dreamed it up, I booted up my Linux Virtual Machine, went to the same site and voilà, I could download the ISO file.
As you can see, there is a stark difference between the two pages despite being the same website. This was fascinating to me so I decided to dig a little deeper and found out the culprit was a little thing called a User-Agent.
What is a User-Agent?
A User-Agent is a HTTP request header element used to identify browsers, applications or operating systems that connect to a web server.
Simply put, when you search for something on Google, open a YouTube video, or play your favourite song on Spotify, your device sends some info to the server that can be used to identify it. This is in turn used by the server to deliver content optimised for your device.
For example, it might be quite difficult to use YouTube on your phone if it loaded up the same way it does on your laptop. Your phone sends it’s OS and browser info through the User-Agent element to let the server know the device requesting the video is a phone and the correct interface is delivered.
If you’re a privacy freak, relax. The info sent isn’t very useful for tracking your device. Yes, such information may be used for analytics and some level of fingerprinting, but it’s nothing to be worried about. It also serves as a security measure by forcing you to update your OS or hardware as users of both Chrome and Firefox can testify.
But if you need to say, download an ISO file from Microsoft using a Windows system, how would you bypass this?
Two words: User-Agent Spoofing (Not sure if that’s two or three but you get the idea 🤷).
User-Agent Spoofing is simply your device pretending to be another. For example, when you set your phone browser to use ‘Desktop View’ or ‘Request Desktop Website’, it simply changes the user-agent to make the browser request web resources like a desktop. The server will respond by sending the webpage for a desktop.
Now, let’s figure out how to make our devices play pretend. And not to worry, user-agent spoofing is not illegal so feel free to do this as much as you’d like 😉.
How to spoof your User-Agent
Over 70% of Internet users use a Chromium-based web browser. As a result, I’ll be showing you the technique that works on these kind of browsers such as Chrome, Opera, Vivaldi, Brave, and the most annoying kid on the block, Edge.
For those of you using Firefox, you can use the User-Agent Switcher and Manager extension to spoof the user agent effortlessly and get the same result.
Now, for the good majority, lets kick off. First right click on the website you want changed, go to ‘Developer Tools’ and hit ‘Inspect’.
Head over to the three dots at the top right of the bar, click on ‘More tools’, and hit ‘Network conditions’. I’m using Vivaldi, but the interface should look a bit similar across other browsers.
Finally, head over to the ‘User agent’ section under ‘Network conditions’, uncheck ‘Use browser default’, and select the browser and operating system you’d like to spoof. I want to feel like a rich kid in the Hamptons, so I’ll go with a Safari browser on a Mac.
Congratulations 🎉. You’ve successfully spoofed your user-agent (and I’ve gotten my ISO file 🙃). If you’re curious enough, I suggest you try out different browser and OS variations on different websites. You might be surprised by what you discover.
