Looking for some tips on browser fingerprinting.

In context, this is specifically what I'm trying to do (in a lab):
There's a client which is periodically browsing a webpage. I've got root on the webserver, and added a simple iframe to the page the browser gets, with a source address to my attacking machine. Now that it's sending GETs to me, I want to fingerprint it to try and attack the browser somewhat intelligently.

I have:
1) Googled the User Agent, as it shows in the access log on the webserver. Got absolutely nothing useful (that is, nothing new compared to what I got in item 2)
2) metasploit browser_autopwn ACTION=DefangedDetection tells me that it's Microsoft Windows Vista, x86. Nothing about the browser, sadly.

I am going to try BeEF... just found the tool via google, looks like it is already installed, and I just need to set it up:

Does anyone else have any other tools/methods they would recommend?