This article is a part of our Web Security Knowledge Base.

Why User Agent Fuzzer can be dangerous

User Agent Fuzzer is an automated test that supplies random values for the ‘User-Agent’ HTTP header. The ‘User Agent Fuzzer’ alert means that requests to the same URL with different ‘User-Agent’ headers returned different responses, which may point to bugs in your website code.

How to fix User Agent Fuzzer

Make sure that URLs give the same response for different User Agents.

How does ScanRepeat report User Agent Fuzzer

ScanRepeat checks for differences in the response based on a fuzzed User Agent (e.g. mobile sites, access as a Search Engine Crawler). It compares the response status code and the hash code of the response body with those of the original response. ScanRepeat reports every URL that returns different responses for different User Agents.
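
The comparison described above can be reproduced against your own application as follows. This is an added example, not ScanRepeat's code: SHA-256 stands in for the unspecified hash, and `fetch`, `sample_app` and the User-Agent strings are constructed for illustration.

```python
import hashlib
from itertools import count

def fingerprint(status, body):
    """Reduce a response to (status code, SHA-256 hex digest of the body)."""
    return status, hashlib.sha256(body).hexdigest()

def diff_user_agents(fetch, url, baseline_ua, fuzzed_uas):
    """Report each fuzzed User-Agent whose response differs from the baseline.

    fetch(url, user_agent) -> (status, body_bytes) is a hypothetical callable,
    so the same check works with an HTTP client or an in-process stub.
    """
    base = fingerprint(*fetch(url, baseline_ua))
    # A body that changes between identical requests (tokens, timestamps)
    # would make every comparison differ, so flag it instead of comparing.
    if fingerprint(*fetch(url, baseline_ua)) != base:
        return [{"url": url, "user_agent": baseline_ua, "reasons": ["unstable baseline"]}]
    findings = []
    for ua in fuzzed_uas:
        status, digest = fingerprint(*fetch(url, ua))
        reasons = []
        if status != base[0]:
            reasons.append(f"status {base[0]} -> {status}")
        if digest != base[1]:
            reasons.append("body hash differs")
        if reasons:
            findings.append({"url": url, "user_agent": ua, "reasons": reasons})
    return findings

_hits = count()

def sample_app(url, user_agent):
    """Constructed stand-in for a web application (not a real site)."""
    if url == "/clock":
        return 200, b"request #%d" % next(_hits)
    if url == "/admin" and "Mobile" in user_agent:
        return 500, b"Internal Server Error"
    if url == "/pricing" and "Googlebot" in user_agent:
        return 200, b"<h1>Pricing</h1><p>crawler-only text</p>"
    return 200, b"<h1>" + url.encode() + b"</h1>"

BASELINE_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
FUZZED_UAS = [  # constructed sample values
    "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) Mobile/15E148",
]

if __name__ == "__main__":
    for path in ("/", "/pricing", "/admin", "/clock"):
        print(path, diff_user_agents(sample_app, path, BASELINE_UA, FUZZED_UAS))
```

A URL flagged as `unstable baseline` needs its per-request content normalised before a hash comparison says anything about User-Agent handling.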
