Fingerprinting: Identifying applications

Here I will discuss some techniques which are required for this task:
Posted: May 11,
A banner grab is performed by sending an HTTP request to the web server and examining its response header. In these examples, the server type and version are clearly exposed. However, security-conscious applications may obfuscate their server information by modifying the header. For example, here is an excerpt from the response to a request for a site with a modified header:

In cases where the server information is obscured, testers may guess the type of server based on the ordering of the header fields.
Note that in the Apache example above, the fields follow this order:

Testers can use this information to guess that the obscured server is nginx.
However, considering that a number of different web servers may share the same field ordering, and that fields can be modified or removed, this method is not definitive.
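The banner and field-order checks described above, as an added example that is not part of the original article: it parses a response head and reports whether the Server banner exposes a version and which server the field order suggests. The two responses are constructed samples, and the reference orderings in `KNOWN_ORDERS` are assumed typical defaults used only for illustration.

```python
import re

# Assumed reference orderings (illustrative, not taken from the article):
# relative order of the leading fields each server typically emits by default.
KNOWN_ORDERS = {
    "Apache": ["date", "server", "last-modified"],
    "nginx": ["server", "date", "content-type"],
}

def parse_response_head(raw):
    """Return (status_line, [(name, value), ...]) with field order preserved."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    fields = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            fields.append((name.strip(), value.strip()))
    return lines[0].strip(), fields

def guess_by_order(fields):
    """Servers whose reference fields appear in the same relative order."""
    seen = [name.lower() for name, _ in fields]
    matches = []
    for server, order in KNOWN_ORDERS.items():
        pos = [seen.index(f) for f in order if f in seen]
        # At least two reference fields must be present to compare ordering.
        if len(pos) >= 2 and pos == sorted(pos):
            matches.append(server)
    return matches

def audit(raw):
    """Report what a banner grab of this response would reveal."""
    _, fields = parse_response_head(raw)
    banner = next((v for n, v in fields if n.lower() == "server"), None)
    return {
        "banner": banner,
        "version_exposed": bool(banner and re.search(r"/\d+(\.\d+)+", banner)),
        "order_guess": guess_by_order(fields),
    }

# Constructed sample responses (not captured from any real host).
EXPOSED = ("HTTP/1.1 200 OK\r\nDate: Thu, 05 Sep 2019 17:42:39 GMT\r\n"
           "Server: Apache/2.4.41 (Unix)\r\nLast-Modified: Thu, 05 Sep 2019 17:40:42 GMT\r\n"
           "Content-Type: text/html\r\n\r\n<html></html>")
OBSCURED = ("HTTP/1.1 200 OK\r\nServer: Website.com\r\n"
            "Date: Thu, 05 Sep 2019 17:57:06 GMT\r\nContent-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("exposed", EXPOSED), ("obscured", OBSCURED)):
        print(label, audit(raw))
```

Run against a response from your own server, a non-empty `order_guess` alongside a rewritten banner shows that changing the `Server` value alone still leaves an ordering hint.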
Web servers may be identified by examining their error responses and, in cases where these have not been customized, their default error pages. Another way is to use the -sV option while performing a port scan with Nmap against the remote host, which will also obtain the type and version of the web server that is running. For example, in the image below we can see from the output that Nmap discovered that the web server is IIS version 6.
Another method is to send a malformed request to the web server, causing it to produce an error page whose response header contains the version of the web server. In some cases the version of the application can be discovered through source code inspection, so it is always good practice to look there as well.
You can see in the following example that we have discovered that the application is WordPress 3. Web application fingerprinting can also be done with automated tools that have been designed for that purpose. One of the most famous tools is of course httprint. This tool comes with Backtrack, but there is also a version for Windows. In the example below we will use a. httprint will try to match the signature of the target web server against the list of known signatures that the signature file contains in order to produce an accurate result.
Another tool that does much the same job as httprint is httprecon. This tool is for Windows platforms, and it sends different kinds of requests to the target web server in order to identify its version.
Also, if we are performing an external web application penetration test, we might want to use an online tool called Netcraft. This tool can also retrieve the headers of the web server, and it can provide much more information, including the operating system, the nameserver, the netblock owner and more.

As we saw, web application fingerprinting is an important task for web application penetration tests. It will help us to identify the well-known vulnerabilities that affect the web server and the vulnerabilities that affect the application that is installed, so we will know what kind of exploits we will need to use in order to start the exploitation.