topic Re: OS and browser extraction from useragent in Security

OS and browser extraction from useragent

abhiram — Fri, 16 Nov 2012 09:15:19 GMT

Hi,

I need to extract OS and browser details from useragent.
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
I need to capture Web Browser Version and Operating System Version from each user per visit. Is there any easy way that I can get the info instead of writing python script?

Re: OS and browser extraction from useragent

stefandagerman — Fri, 16 Nov 2012 20:08:18 GMT

Well, define 'easy'... 🙂
How familiar are you with regular expressions? Given your example useragent string above, what are your desired values for
- Browser Version
- OS version

Re: OS and browser extraction from useragent

lguinn2 — Tue, 17 Sep 2013 04:19:38 GMT

There is an app that provides a dynamic lookup for user agent strings; it is called TA-uas_parser. Download it from

http://apps.splunk.com/app/1007

It's free. The user agent string can be very complex. I don't recommend that you build this yourself.

Re: OS and browser extraction from useragent

julianj — Fri, 10 Jul 2015 22:22:50 GMT

I'm having trouble with this as well. The problem for me is I don't exactly know how to handle the varying information within the parenthesis. For example:

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

Here, the Windows NT 6.1 is in different locations, so it is very difficult to make a field extraction for Platform Token and Version Token. Any words of advice?

Additionally: I am unable to use an app or script, as I do not have access, and will need advice for the query itself.

Re: OS and browser extraction from useragent

justdan23 — Mon, 30 Sep 2019 22:16:53 GMT

Is this better than TA-browscap? I'm trying to eval all these Apps to figure out which one to use.