Spoofing IE -- is there a better fix?

[Steven W]

Some of you who've been here a while may remember that several years ago I modified some files from Windows Media Player on my system to make AOL's in2tv (which then used WindowsMedia, since switched to flash) site think that I was using WMP 10. I also spoofed the browser's user agent to make it think I was using XP. I used Xn Resource Editor, to make a couple of DLLs and Wmplayer.exe report a different version, then ran a command to make those version numbers update in the registry.

Can something similar be done with IE? What do ***most*** of the scripts look for when checking browser version? Would this be as easy as modding a few files, and few registry entries? Would the entire installation need modded? Any ideas?

[BenoitRen]

Read this thread, specifically post 148 on page 8.

It would be better to use a more recent web browser, though.

[Steven W]

I don't think you get what I'm asking....I have read the post and I've known how to use the registry to spoof the user agent for years. I'm asking if modifying other registry entries, for example:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer

and using a resource hacker to mod dll and exe files to report different version numbers...like iexplore.exe, for example could provide a better way. Essentially having IE 6 look as close to IE 8 as possible.

as far as modding the DLL and EXE files look at what I did a few years ago to get that site to work:

http://www.msfn.org/board/in2tv-and-more-win98-t82947.html

of course the pics are gone! Geez. Point is, I was using XN Resource Editor to change version numbers of files.

Edited December 3, 2009 by Steven W

[dencorso]

Since no small amount of modding will get you to fool Abe Fettig's Javascript Method of detecting IE6 and older IE versions, I see no point of doing anything beyond the reg spoof, which works quite fine for most sites.

Unless you're in for a serious rewritting of IE6... but, then again, are you?

[Steven W]

Unless you're in for a serious rewritting of IE6

Can you get the source code? Kidding. Seriously though, as far as we know there's no way to beat **that script**. The reg spoof works most of the time. So, you're correct it's probably good for most users. Are there other scripts out there that check components or registry entries?

[cluberti]

Unless you explicitly change the security in a zone to allow script to access local resources, no browser-based script can read from the registry or local disk (an activex control can, because it's got an out-of-process COM server and can be written to allow such access). Most checks look at the UA, jscript to check the navigator.userAgent, or try specifically to set a property that specific browser versions can't use (similar to the previous CSS property check). If some page or site does the first two, the registry change to modify the UA you send is sufficient to spoof yourself. If some page or site does the last, there's no way you're going to get around that without replacing the rendering engine (and at that point, might as well use a different browser anyway). The only time hacking .dlls would change anything would be for locally-running apps or activex controls that actually check binary versions for browser version determination - it's not going to help you any with fooling a web site. I guess the question is which site or app you're trying to fool, and why, to make a determination on how best to attack that.

[Steven W]

Thank you. That was quite informative.