Sometimes it may be necessary to change apt’s User-Agent string. You might be behind a firewall, or simply not want to reveal that you’re using apt (doing a pentest in a Windows environment for example).

By default, the Ubuntu machine I am on uses this User-Agent for apt:

Debian APT-HTTP/1.3 (1.6.6)

It is a terrible idea to update your packages when you’re on an engagement on a client’s network; blue teams can easily monitor for hits to kali.org or ubuntu.com, which would pretty much immediately blow your cover if you decided to do install packages on site. Don’t forget about auto-updates either!

To change the user agent, add the following to /etc/apt/apt.conf.d/99user-agent

Acquire
{
  http::User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36";
};

Set this to something current and relevant. Another surefire way to reveal yourself on a network is to use an ancient User-Agent or some platform that doesn’t make any sense. See https://www.whatsmyua.info/ for an example of your current user agent string.

Verify your changes worked with Wireshark:

Before:

After: