MITRE ATT&CK Technique
Defense Evasion T1036.012
Description

Adversaries may attempt to blend in with legitimate traffic by spoofing browser and system attributes like operating system, system language, platform, user-agent string, resolution, time zone, etc. The HTTP User-Agent request header is a string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent.(Citation: Mozilla User Agent) Adversaries may gather this information through [System Information Discovery](https://attack.mitre.org/techniques/T1082) or by users navigating to adversary-controlled websites, and then use that information to craft their web traffic to evade defenses.(Citation: Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques)

Supported Platforms
Linux macOS Windows
Created

April 29, 2026

Last Updated

April 29, 2026

STIX Data 
{'created': '2025-09-22T20:13:45.616Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may attempt to blend in with legitimate traffic '
                'by spoofing browser and system attributes like operating '
                'system, system language, platform, user-agent string, '
                'resolution, time zone, etc.  The HTTP\xa0User-Agent\xa0'
                'request header\xa0is a string that lets servers and network '
                'peers identify the application, operating system, vendor, '
                'and/or version of the requesting\xa0user agent.(Citation: '
                'Mozilla User Agent)\n'
                '\n'
                'Adversaries may gather this information through [System '
                'Information '
                'Discovery](https://attack.mitre.org/techniques/T1082) or by '
                'users navigating to adversary-controlled websites, and then '
                'use that information to craft their web traffic to evade '
                'defenses.(Citation: Gummy Browsers: Targeted Browser Spoofing '
                'against State-of-the-Art Fingerprinting Techniques)',
 'external_references': [{'external_id': 'T1036.012',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1036/012'},
                         {'description': 'MDN contributors. (2025, July 4). '
                                         'User-Agent header. Retrieved October '
                                         '19, 2025.',
                          'source_name': 'Mozilla User Agent',
                          'url': 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/User-Agent'},
                         {'description': 'Zengrui Liu, Prakash Shrestha, and '
                                         'Nitesh Saxena. (2021, October 19). '
                                         'Retrieved September 22, 2025.',
                          'source_name': 'Gummy Browsers: Targeted Browser '
                                         'Spoofing against State-of-the-Art '
                                         'Fingerprinting Techniques',
                          'url': 'https://arxiv.org/pdf/2110.10129'}],
 'id': 'attack-pattern--afac5dbc-4383-4fb6-9ba6-45b25d49e530',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'defense-evasion'}],
 'modified': '2025-10-19T19:41:22.343Z',
 'name': 'Browser Fingerprint',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.3.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': True,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Linux', 'macOS', 'Windows'],
 'x_mitre_version': '1.0'}
Quick Actions
Edit TTP Update from Web
Back to TTPs
Dashboard About