Every web server has an inner ordering of the header. The first method consists of observing the ordering of the several headers in the response. Below is a list of some methodologies that allow testers to deduce the type of web server in use. More refined techniques take in consideration various characteristics of the several web servers available on the market. Server: Apache/1.3.3 (Unix) (Red Hat/Linux)įrom the Server field, one can understand that the server is likely Apache, version 1.3.3, running on Linux operating system.įour examples of the HTTP response headers are shown below. Let’s see an example of a general response we get from a unhardened a webserver: X-Client-Data: CIa2yQEIprbJAQiptskBCMS2yQEI6YjKAQjllMoB User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/.81 Safari/537.36 Let’s see an example of a general request sent without hardening a webserver:Īccept: text/html,application/xhtml+xml,application/xml q=0.9,image/webp,*/* q=0.8 Testing for Fingerprinting Webserverīasically when we interact with the Webserver we give a request to the webserver and get back a response from a webserver. So by sending several different commands, the tester can increase the accuracy of their guess. Rarely do different versions react the same to all HTTP commands. Please note that it usually takes several different commands to accurately identify the web server, as different versions may react similarly to the same command. By knowing how each type of web server responds to specific commands and keeping this information in a web server fingerprint database, an attacker/penetration tester can send these commands to the web server, analyze the response, and compare it to the database of known signatures.
UTF 8 CONVERTER FILTER EVASION SOFTWARE
This information can be derived by sending the web server specific commands and analyzing the output, as each version of web server software may respond differently to these commands. Knowing the type of web server which we are going to attack significantly helps in the process of attack.
There are several different vendors and versions of web servers on the market today. Web server fingerprinting is nothing but gathering the version and type of a running web server allows attackers to determine known vulnerabilities and the appropriate exploits to use during attack.
0 kommentar(er)
