RE: http fingerprinting

From: Dieter Sarrazyn (dsr@ascure.com)
Date: Thu Apr 10 2003 - 05:41:24 EDT


Hi,

I'm not sure if it's this you're looking for but a little trick I used
with such a webserver was the following:

The webserver didn't give away its type & version when I used nc or
telnet to grab its banners but the following did work:

Start a sniffer (e.g. ethereal) and browse to the website (on the same
host). Then use the follow tcp stream function of ethereal on the first
Syn, Syn/Ack, Ack combination and you should see the server version. At
least this worked in my case, something worth trying?

Regards,
Dieter

> -----Original Message-----
> From: Rick Hoekman [mailto:rick@paranoia.nl]
> Sent: Wednesday 9 April 2003 2:57
> To: pen-test@securityfocus.com
> Subject: http fingerprinting
>
>
> Anyone know if there are tools to fingerprint webservers that
> do not give away their type and version?
>
> As far as I know there is a paper/thesis on one tool called
> HMAP.pl. You can read it here
> http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf
>
> Thanks!
>
>
> Rick
>
> --
> "I know that you all think that I'm paranoid" -- anonymous
> "Paranoia is knowing all the facts" -- Woody Allen
> "Paranoia is reality seen on a finer scale." -- Philo Gant, Strange Days
> "Paranoia is heightened awareness" -- anonymous
>
>
>
>
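An added example, not part of either post: a way to check which identifying headers a server of your own returns to a full browser session versus a bare banner grab, by walking a saved followed-stream dump. The header list, function name and both sample streams are constructed for illustration, and the bare-request case is only one assumed scenario, not an account of the server discussed above.

```python
import re

# Response headers that often disclose product or version (list chosen for this example).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "via")
STATUS_RE = re.compile(r"HTTP/\d\.\d (\d{3})")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def disclosed_headers(stream: bytes):
    """Walk a reassembled TCP stream (requests and responses in order) and
    return (status, header, value, has_version) for each disclosing header."""
    findings, pos = [], 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # truncated capture: no complete header block left
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        length = headers.get("content-length", "0")
        # Skip the body so the next message starts at the right offset.
        pos = end + 4 + (int(length) if length.isdigit() else 0)
        status = STATUS_RE.match(lines[0])
        if not status:
            continue  # a request, not a response
        for name in DISCLOSING:
            if name in headers:
                value = headers[name]
                findings.append((int(status.group(1)), name, value,
                                 bool(VERSION_RE.search(value))))
    return findings

# Constructed sample: a browser session as saved from a sniffer's stream view.
BROWSER_STREAM = (
    b"GET / HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: ExampleBrowser/1.0\r\n\r\n"
    b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.4.1\r\nX-Powered-By: ExampleLang\r\n"
    b"Content-Length: 5\r\n\r\nhello"
    b"GET /favicon.ico HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
    b"HTTP/1.1 404 Not Found\r\nServer: ExampleHTTPd/2.4.1\r\nContent-Length: 0\r\n\r\n"
)
# Constructed sample: a bare request answered without any identifying header.
BARE_STREAM = (
    b"GET / HTTP/1.0\r\n\r\n"
    b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"
)

if __name__ == "__main__":
    for label, data in (("browser", BROWSER_STREAM), ("bare", BARE_STREAM)):
        print(label, disclosed_headers(data))
```

Bodies are skipped by Content-Length only; chunked responses would need their own handling before the offsets line up.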




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:32 EDT