Changing apt’s User-Agent string

Sometimes it may be necessary to change apt’s User-Agent string. You might be behind a firewall, or simply not want to reveal that you’re using apt (doing a pentest in a Windows environment for example).

By default, the Ubuntu machine I am on uses this User-Agent for apt:

Debian APT-HTTP/1.3 (1.6.6)

It is a terrible idea to update your packages when you’re on an engagement on a client’s network; blue teams can easily monitor for hits to or, which would pretty much immediately blow your cover if you decided to do install packages on site. Don’t forget about auto-updates either!

To change the user agent, add the following to /etc/apt/apt.conf.d/99user-agent

  http::User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36";

Set this to something current and relevant. Another surefire way to reveal yourself on a network is to use an ancient User-Agent or some platform that doesn’t make any sense. See for an example of your current user agent string.

Verify your changes worked with Wireshark:





Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s