0

I have been trying to solve this problem for a while and I couldn't find a proper answer online. I have a file with mobile traffic (from an Android device) and I am trying to check whether an HTTP request is sent from the browser or from a mobile app (for example, the eBay app and their mobile site). Unfortunately, checking the host or the user_agent fields in the HTTP headers didn't yield any result (they are exactly the same: the host contains the address m.example.com and the user_agent contains general information about the device, something like: `Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG SM-T550 Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/3.2 Chrome/Safari/537.36`).
Does anyone have an idea what I can do to check it?

Thank you!

mfinni
kobibo
  • What difference does it make to you if the traffic comes from an app or the phone's browser? I'm asking, not because I doubt the validity of your question, but I'm wondering what actual problem you are trying to solve if you knew the answer. – mfinni Apr 27 '17 at 17:36
  • It is actually part of my academic assignment; it is for statistical analysis of users' usage habits – kobibo Apr 27 '17 at 20:48
  • Homework questions are off-topic here. – EEAA Apr 27 '17 at 23:21
  • It is not homework, it is part of my academic research – kobibo Apr 27 '17 at 23:37
  • Regardless, it's not about managing systems in a professional environment. – EEAA Apr 28 '17 at 00:53

2 Answers

1

There is really no way to definitively determine the type of device network traffic comes from. User agents can be trivially changed.

EEAA
-1

You could probably get 70-90% of the way there just by pulling client IP addresses from your webserver's access logs and doing a DNS lookup on them, then grouping them by domain. Most web log analyzers do this as part of their traffic analysis.

If you need a more complete solution, and are willing to work for it, there's interesting research on browser fingerprinting that uses page-embedded JavaScript to extract details on the browser, its plugins, and the device it runs on. But it would require a fair bit of work to implement this.

  • First of all, thank you for your answer! I am not sure I understand your advice: how can I do a DNS lookup on clients' IPs? Or maybe I misunderstood you and you meant that in most cases there are separate servers for mobile apps and browsers? In case I am willing to "work hard" for it, where can I read about the research you mentioned? – kobibo Apr 27 '17 at 21:47
  • How, exactly, is an RDNS lookup going to tell you what kind of device is making the query? – EEAA Apr 27 '17 at 23:20
  • The question, at least as I read it, was not about detecting devices, but determining if the "http request is sent from the browser or from a mobile app" via a company such as eBay. If it's the latter, I'd expect the http request to come from a server owned, or at least operated by, eBay. Maybe the OP can clarify (OP?). – Diogenes deLight Apr 28 '17 at 01:08
  • Correct, I have no interest in the device information; I only want to know if the user used the mobile application or the browser (I gave eBay just as an example, I want to check it for any other service during the experiment period). By the way, I am not trying to build some kind of security mechanism, so if you have a solution that works in the typical cases it is also good (cheating users doesn't interest me very much ;) ) – kobibo Apr 28 '17 at 10:06
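
The grouping described in the second answer, as an added example that is not part of the original thread: it reads client IPs from access-log lines, reverse-resolves each one once, and counts requests per domain of the PTR name. The sample log lines, the `resolve` hook, the `(no PTR)` bucket and the two-label domain reduction are assumptions made for illustration; the result names the network a client IP belongs to.

```python
import re
import socket
from collections import Counter

# Constructed sample lines in "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [27/Apr/2017:17:36:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [27/Apr/2017:17:36:02 +0000] "GET /item HTTP/1.1" 200 734 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Apr/2017:17:36:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Apr/2017:17:36:09 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
not a log line
"""

CLIENT_IP = re.compile(r"^(\S+) \S+ \S+ \[")

def system_ptr_lookup(ip):
    """Reverse-resolve an IP with the system resolver; None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def base_domain(hostname):
    """Naive reduction to the last two labels (assumption: wrong for e.g. co.uk)."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def requests_by_domain(log_text, resolve=system_ptr_lookup):
    """Count requests per reverse-DNS domain of the client IP."""
    cache = {}  # each IP is resolved once, however many requests it made
    counts = Counter()
    for line in log_text.splitlines():
        match = CLIENT_IP.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        ip = match.group(1)
        if ip not in cache:
            cache[ip] = resolve(ip)
        host = cache[ip]
        counts[base_domain(host) if host else "(no PTR)"] += 1
    return counts

if __name__ == "__main__":
    # Constructed PTR answers so the demo runs offline.
    fake = {"192.0.2.10": "pool-10.carrier-a.example", "198.51.100.7": "h7.isp-b.example"}
    print(requests_by_domain(SAMPLE_LOG, resolve=fake.get))
```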