Every modern web browser transmits a user agent string to visited websites. The user agent exposes information about the used device, OS and browser. Several security solutions like web proxys, but also other products like firewalls display the user agent string of “protected users” in their web interface. Besides that, an administrator’s user agent is sometimes present in the audit log. In my experience, the string itself is often not properly escaped, which opens a gap to inject an XSS.

The simplest way to do is the User-Agent Switcher for Chrome extension, offered by Google. To define a custom user agent string, right-click the chrome extension, select options and define a custom string. Then select this custom string to be used. A simple test string could be something like “test<b>bold”.

I have seen this method to work in several web proxy servers, when logging of the user agent string is activated.