RE: http fingerprinting

From: Dieter Sarrazyn (dsrat_private)
Date: Thu Apr 10 2003 - 02:41:24 PDT

Next message: Eduardo Segura: "IPv4 - mapped address considered harmful"

Previous message: defaillanceat_private: "Re: Firewall Testing Software"
Maybe in reply to: Rick Hoekman: "http fingerprinting"
Next in thread: shawnmer: "Re: http fingerprinting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I'm not sure if it's this you're looking for but a little trick I used
with such a webserver was the following:

The webserver didn't give away it's type & version when I used nc or
telnet to grab it's banners but the following did work:

Start a sniffer (e.g. ethereal) and browse to the website (on the same
host). Then use the follow tcp stream function of ethereal on the first
Syn, Syn/Ack, Ack combination and you should see the server version. At
least this worked in my case, something worth to try?

Regards,
Dieter

> -----Original Message-----
> From: Rick Hoekman [mailto:rickat_private] 
> Sent: woensdag 9 april 2003 2:57
> To: pen-testat_private
> Subject: http fingerprinting
> 
> 
> Anyone know if there are tools to fingerprint webservers that 
> do not give away their type and version?
> 
> As far as I know there is a paper/thesis on one tool called 
> HMAP.pl. You can read it here 
> http://seclab.cs.ucdavis.edu/papers/hmap-> thesis.pdf
> 
> Thanks!
> 
> 
> Rick
> 
> -- 
> "I know that you all think 
> that I'm paranoid" -- anonymous "Paranoia is knowing all the 
> facts" -- Woody Allen "Paranoia is reality seen on a finer 
> scale." -- Philo Gant, Strange Days "Paranoia is heightened 
> awareness" -- anonymous
> 
> 
> --------------------------------------------------------------
> Costs are climbing and complaints are rising
> as SPAM overloads your e-mail servers and Inboxes
> SurfControl E-mail Filter puts the brakes on spam & viruses
> and gives you the reports to prove it. 
> http://www.securityfocus.com/SurfControl-pen-> test2
> Download a 
> free trial and see just
> what's going in and 
> out of your organization. 
> --------------------------------------------------------------
> 
> 

--------------------------------------------------------------
Costs are climbing and complaints are rising
as SPAM overloads your e-mail servers and Inboxes
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it.
http://www.securityfocus.com/SurfControl-pen-test2
Download a free trial and see just
what's going in and out of your organization. 
--------------------------------------------------------------

Next message: Eduardo Segura: "IPv4 - mapped address considered harmful"
Previous message: defaillanceat_private: "Re: Firewall Testing Software"
Maybe in reply to: Rick Hoekman: "http fingerprinting"
Next in thread: shawnmer: "Re: http fingerprinting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 10 2003 - 14:38:30 PDT