0

I love using .torrent files instead of file hosting sites like Mediafire and google drive because of their lack of support for larger files.

However, even with a VPN your User Agent is still available and I have read in many places it is possible to spoof the user agent of torrenting applications like qbittorrent.

I am also looking to spoof the user agent of other applications such as discord. Does anyone here know of any applications that could assist me in spoofing the user agent of some of my more sensitive applications?

This can't be used for nefarious purposes only for self preservation so I am surprised I have not found anything on google.

Thanks in advanced!

Luc
  • 31,973
  • 8
  • 71
  • 135
TritiumCat
  • 593
  • 1
  • 4
  • 10
  • 1
    Spoofing user agents is generally done to bypass annoying restrictions or to avoid standing out, changing the user agent an app uses to connect to its server would make you stand out a lot _more_. – AndrolGenhald Mar 07 '19 at 23:05
  • What exactly is your goal here? – AndrolGenhald Mar 07 '19 at 23:05
  • 1
    I really don't understand what you hope to gain here. Discord doesn't necessarily even send a user agent - it's not necessarily a HTTP protocol under the hood, all I know is it's TLS wrapped for the auth and chat. And if it did send a user agent, all it's going to say is "Discord App", which isn't very useful when literally ever user has that UA too. By changing it you'd stand out more. – Polynomial Mar 07 '19 at 23:22
  • This is not just for a specific application. I have found in my research there are servers made for this exact purpose but they are WAY more expensive than a VPN. I am hoping to find a free open source alternative (likely on github) that could achieve the same goal. – TritiumCat Mar 08 '19 at 00:03

1 Answers1

1

If you're trying to spoof the user agent on applications sending HTTP traffic but don't support natively changing their reported user agent you could setup an interception proxy that rewrites HTTP requests.

That's a lot of work though to setup and configure (I assume you'll also want to intercept TLS traffic), and altering requests may actually break functionality if the server responds in an unexpected manner.

The trade-off doesn't seem worth it in my estimation. There's many other ways a browser/http request could be fingerprinted other than purely the user agent.

Daisetsu
  • 5,110
  • 1
  • 14
  • 24
  • 2
    Also it seems pointless. Discord only talks to the Discord servers, and if an attacker can MitM your TLS connection to the Discord server then they can just read your messages anyway. Same goes for the voice, which is RTP over DTLS over UDP. – Polynomial Mar 07 '19 at 23:18
  • I think the concern in relation to discord could be external resources which get loaded / previewed automatically in some cases. – Daisetsu Mar 07 '19 at 23:19
  • 1
    Previews are fetched by the Discord server. Almost no chat clients (for any service or protocol) do automatic preview fetching on the client because it's a trivial way to discover user IPs. – Polynomial Mar 07 '19 at 23:21
  • @Polynomial great to know! I found confirmation on that from discords site https://blog.discordapp.com/security-discord-and-you-1f8b1a718891 "...all image and link previews people post are proxied through our system..." – Daisetsu Mar 07 '19 at 23:28
  • I just found that qbittorrent has an option natively that I tested that works, but now it's just a matter of editing other applications that don't. Here is the link for qbittorrent's: github.com/qbittorrent/qBittorrent/wiki/Anonymous-Mode – TritiumCat Mar 08 '19 at 00:07