The dissection of the responses is handled by the parsing and fingerprint engine. As you can see, many different fingerprint elements are looked up (e.g. status code, banner, ETag length, header order, etc.). These elements are saved in the local fingerprint database, which allows the sum of the matches. All data is correlated, which will result in the final fingerprint scan report.

These are the main features of the current implementation of httprecon which make this solution better than other tools of this kind:

Many test-cases: There are nine test-cases possible.
HTTPS/SSL support: Secure web servers can be tested too.
Advanced result analysis: Different methods for the analysis of results are provided.
Many fingerprint details: The analysis is based on many fingerprint elements.
Plaintext Database: The fingerprint data is saved in a file-based plaintext database.
Fingerprint Wizard: Fingerprints can be saved and updated within the GUI.
IDS evasion mechanism: The configuration settings allow the use of IDS evasion mechanisms.
Reporting: XML, HTML and TXT reporting is provided for professional testers.
Autoupdate: An autoupdate feature informs about new releases.
Open-source (GPLv3): Everyone can improve the application for themselves.

There are different applications for http fingerprinting available. This Excel sheet compares the four most popular HTTP fingerprinting tools (httprecon, httprint, hmap, and WebserverFP).

Most web server implementations come with a Key Analysis Index (KAI), a very special and dominant behaviour which allows a very quick identification. The following list shall demonstrate the KAI for some popular implementations:

Apache: Every generation of Apache web servers usually introduces these three values first in an http response header: Date, Server, and X-Powered-By (optional). The length of the ETag values varies between 17 and 34 bytes and they are usually surrounded by double-quotes. It is very typical for an Apache installation to announce PHP/x.x.x within the X-Powered-By line (it is also common for Abyss). It is also common that an Apache web server reacts with the status code 403 (Forbidden) if a very long URI was proposed within the request. Usually the supported http methods are announced as: GET, HEAD, POST, OPTIONS, and TRACE.

Microsoft IIS: The length of the ETag values varies between 18 and 23 bytes. This web server is the only one so far which is announcing ASP.NET within the X-Powered-By line.

Oracle Application Server: The length of the ETag values varies between 15 and 30 bytes and they are usually surrounded by double-quotes. Usually the supported http methods are announced as: OPTIONS, TRACE, GET, and HEAD. In some cases an additional line similar to Allow is also used and defined as Public.

Sun One Web Server: The implementation by Sun Microsystems Inc.

Netscape Enterprise Server: This implementation usually uses these three values within a response header: Server, Date, and Content-type.

Compaq HTTP Server: Old implementations of the generation 5.x always propose HTTP/1.0 instead of HTTP/1.1 as protocol. A very special behaviour is the status text "Ok" instead of the fully capitalized "OK" for a successful processing. They also use uncapitalized letters if a response line uses some dash (e.g. And the response header always consists of: Date, Server, Content-type, Content-length, and Set-Cookie. A Compaq HTTP Server sends the http status code 200 (Ok) even if a very long URI was proposed within the request (also common for LANCOM DSL router).

Zyxel: The embedded web server of Zyxel devices usually proposes the same http response header structure: Content-Type, Date, Pragma, Expires, Transfer-Encoding, Server, and EXT. Very special in this case is the header line EXT.

4D WebSTAR: Versions prior to 4.x always announce the MIME-Version as first element of the http response header. The versions 4.x do not use this value anymore and rely on Server as first element. And in the later releases 5.x the Date announcement moved the Server announcement to the second line. A request for a non-existing resource returns the status text "File Not Found" instead of the more common "Not Found".

Roxen: The length of the ETag values is always set to 34 bytes and they are usually surrounded by double-quotes.

OmniHTTPd: Another special behaviour for successful requests is the status text "Document Follows" (similar to TclHttpd) where usually an "OK" is used.
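
The fingerprint elements named on this page (status text, header order, ETag length, X-Powered-By) can be extracted from a response head and summed as trait matches, which is also a quick way to see what your own server's responses disclose. The following Python sketch is an added example, not httprecon's code or database: the sample response, the `extract`/`score` names, the trait table and the choice to measure ETag length without the surrounding quotes are all assumptions made for illustration.

```python
# Added example; SAMPLE and TRAITS are constructed from the traits on this page,
# not taken from httprecon's fingerprint database or matching logic.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache\r\n"
    b"X-Powered-By: PHP/x.x.x\r\n"
    b'ETag: "1a2b3c-4d5e-6f708192a3b4"\r\n'
    b"Content-Type: text/html\r\n\r\n"
)

def extract(raw: bytes) -> dict:
    """Pull the fingerprint elements named on this page out of a response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *lines = head.split("\r\n")
    proto, code, *reason = status_line.split(" ", 2)
    headers = [tuple(p.strip() for p in l.split(":", 1)) for l in lines if ":" in l]
    def get(name):
        return next((v for k, v in headers if k.lower() == name), "")
    etag = get("etag")
    return {
        "protocol": proto,
        "code": int(code),
        "reason": reason[0] if reason else "",  # case kept: "Ok" differs from "OK"
        "order": [k for k, _ in headers],       # header names in the order sent
        "etag_len": len(etag.strip('"')),       # assumption: quotes are not counted
        "etag_quoted": len(etag) > 1 and etag[0] == etag[-1] == '"',
        "powered_by": get("x-powered-by"),
    }

TRAITS = {  # one predicate per trait; ranges and strings are taken from the page
    "Apache": [
        lambda f: f["order"][:2] == ["Date", "Server"],
        lambda f: f["etag_quoted"] and 17 <= f["etag_len"] <= 34,
        lambda f: f["powered_by"].startswith("PHP/"),
    ],
    "Microsoft IIS": [
        lambda f: 18 <= f["etag_len"] <= 23,
        lambda f: "ASP.NET" in f["powered_by"],
    ],
    "Roxen": [lambda f: f["etag_quoted"] and f["etag_len"] == 34],
    "Compaq HTTP Server": [lambda f: f["reason"] == "Ok"],
    "OmniHTTPd": [lambda f: f["reason"] == "Document Follows"],
}

def score(f: dict) -> dict:
    """Sum the matching traits per implementation, as the page describes."""
    return {name: sum(t(f) for t in tests) for name, tests in TRAITS.items()}

if __name__ == "__main__": print(score(extract(SAMPLE)))
```

A single matching trait is weak evidence on its own (the page notes, for instance, that the PHP announcement is also common for Abyss), which is why the matches are summed across several elements.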