Changing apt’s User-Agent string

Sometimes it may be necessary to change apt’s User-Agent string. You might be behind a firewall, or simply not want to reveal that you’re using apt (doing a pentest in a Windows environment for example).

By default, the Ubuntu machine I am on uses this User-Agent for apt:

Debian APT-HTTP/1.3 (1.6.6)

It is a terrible idea to update your packages when you’re on an engagement on a client’s network; blue teams can easily monitor for hits to kali.org or ubuntu.com, which would pretty much immediately blow your cover if you decided to do install packages on site. Don’t forget about auto-updates either!

To change the user agent, add the following to /etc/apt/apt.conf.d/99user-agent

Acquire
{
  http::User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36";
};

Set this to something current and relevant. Another surefire way to reveal yourself on a network is to use an ancient User-Agent or some platform that doesn’t make any sense. See https://www.whatsmyua.info/ for an example of your current user agent string.

Verify your changes worked with Wireshark:

Before:

before

After:

after

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s