Tuesday, January 19, 2016

User-Agent: Python-urllib/2.7

If you've ever seen an HTTP request in your logs like this and wondered what they are

GET / HTTP/1.1
Accept-Encoding: identity
Host: www.mywebsite.com
Connection: close
User-Agent: Python-urllib/2.7

The most common explanation is, based on the user-agent, that somebody wrote a python script (or is using somebody else's) that is hitting your website. You can learn more about the urllib2 at this link. It states that "By default urllib2 identifies itself as Python-urllib/x.y" which is what you see here, that somebody has Python 2.7 installed and ran a command or script that utilized that library's default user-agent string when connecting.

Whether it's malicious or not is another story. It could be a security researcher just doing his thing and saving the world, or it could be a bad guy reconing or poking/prodding your site, or it could be some joe-blow script kiddie just grabbing somebody else's script and experimenting across the Internet.

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. php injection ali.txt walk-thru

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment