This article is a part of our Web Security Knowledge Base.
Why User Agent Fuzzer can be dangerous
User Agent Fuzzer is an automated test that sends random values in the ‘User-Agent’ HTTP header. The ‘User Agent Fuzzer’ alert means that requests to the same URL returned different responses for different ‘User-Agent’ headers, which may point to bugs in your website code.
How to fix User Agent Fuzzer
Make sure that URLs give the same response for different User Agents.
How does ScanRepeat report User Agent Fuzzer
ScanRepeat checks for differences in the response based on a fuzzed User Agent (e.g. mobile sites, access as a Search Engine Crawler). It compares the response status code and the hash code of the response body with those of the original response. ScanRepeat reports every URL that returns different responses for different User Agents.
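The comparison described above can be reproduced against your own application with a short script. This is an added example, not ScanRepeat's code: the function names, the User-Agent strings, the use of SHA-256 as the body hash, and the local demo app (plain HTTP on 127.0.0.1) are all assumptions made for illustration.

```python
import hashlib
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed User-Agent values for this demo (not ScanRepeat's own list).
BASELINE_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
FUZZED_UAS = [
    "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) Mobile/15E148",
    "curl/8.4.0",
]

class DemoApp(BaseHTTPRequestHandler):  # constructed app under test
    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        status = 403 if "curl" in ua else 200  # status varies by User-Agent
        body = b"crawler view" if "Googlebot" in ua else b"normal view"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep the demo quiet

def fingerprint(url, user_agent):
    """Return (status code, SHA-256 of the body) for one plain-HTTP GET."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=5)
    try:
        conn.request("GET", parts.path or "/", headers={"User-Agent": user_agent})
        resp = conn.getresponse()
        return resp.status, hashlib.sha256(resp.read()).hexdigest()
    finally:
        conn.close()

def find_ua_differences(url, baseline_ua=BASELINE_UA, fuzzed=FUZZED_UAS):
    """List the fuzzed User-Agents whose response differs from the baseline."""
    base = fingerprint(url, baseline_ua)
    return [ua for ua in fuzzed if fingerprint(url, ua) != base]

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), DemoApp)  # port 0 picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return find_ua_differences(f"http://127.0.0.1:{server.server_port}/")
    finally:
        server.shutdown()
        server.server_close()
```

Calling `run_demo()` flags the crawler and curl User-Agents; the iPhone value matches the baseline and is not reported. Pages with per-request content (timestamps, CSRF tokens) will hash differently on every request, so normalise those before treating a difference as a finding.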