I've just been reading Richard Clayton's analysis and found:
Quote:
|
36. To avoid processing non-web traffic, the Phorm system has a "whitelist" of "User-Agent" identification strings, the type and version text that browsers place into their requests. If an HTTP request does not appear to have been generated by a "well-known" browser, then the request will be ignored.
|
Does this mean that if in Firefox we used
Modify Headers 0.6.4 we could defeat the system? Pretending to be Safari would be a good first step!