The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws
Chapter 4: Mapping the Application (page 82)




Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: Coyote-2-d1f579d9=ac1000d9:0; path=/

Despite measures such as this, it is usually possible for a determined attacker to use other aspects of the web server’s behavior to determine the software in use, or at least narrow down the range of possibilities. The HTTP specification contains a lot of detail that is optional or left to an implementer’s discretion. Further, many web servers deviate from or extend the specification in various different ways. As a result, there are numerous subtle ways in which a web server can be fingerprinted, other than via its Server banner. Httprint is a handy tool that performs a number of tests in an attempt to fingerprint a web server’s software. In the case of Port80 Software’s server, it reports with a 58% degree of confidence that the server software in use is in fact Microsoft IIS version 5.1, as shown in Figure 4-6.



Figure 4-6:  Httprint fingerprinting various different web servers

The screenshot also illustrates how Httprint can defeat other kinds of attempts to mislead about the web server software being used. The Foundstone web site uses a misleading banner, but Httprint can still discover the actual software. And the RedHat server is configured to present the nonverbose banner “Apache,” but Httprint is able to deduce the specific version of Apache being used with a high degree of confidence.
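To make the point above concrete from the server operator's side, here is an added example (not from the book and not Httprint's code) that compares two constructed HTTP responses: the same server with its real banner, and the same server after a banner-rewriting filter. It reports which banner-independent signals (status line wording, header order, ETag value layout) remain identical, which is exactly what a fingerprinting tool can still key on. Both responses and the signal set are assumptions for illustration.

```python
# Added example: measure what a rewritten Server banner does NOT hide.
# Both responses below are constructed samples, not captures of any real host.

SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Fri, 14 Sep 2007 15:12:00 GMT\r\n"
    "Server: Apache/2.2.4\r\n"
    "ETag: \"1c6a-2f-42d12b18\"\r\n"
    "Accept-Ranges: bytes\r\n"
    "Content-Length: 31\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)
# Only the banner is changed, as a masking filter typically does.
MASKED = SAMPLE.replace("Server: Apache/2.2.4", "Server: Microsoft-IIS/6.0")


def parse_response(raw):
    """Split a raw HTTP response into (status line, ordered header list)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def fingerprint_signals(raw):
    """Collect signals that the text describes as implementer discretion:
    status-line wording, header order (excluding Server) and ETag layout."""
    status, headers = parse_response(raw)
    values = dict(headers)
    etag = values.get("ETag", "").strip('"')
    return {
        "banner": values.get("Server", ""),
        "status_line": status,
        "header_order": tuple(n for n, _ in headers if n != "Server"),
        "etag_fields": etag.count("-") + 1 if etag else 0,
    }


def residual_signals(original, masked):
    """Signal names that still match after masking: the leftover fingerprint."""
    a, b = fingerprint_signals(original), fingerprint_signals(masked)
    return sorted(k for k in a if k != "banner" and a[k] == b[k])


if __name__ == "__main__":
    print(residual_signals(SAMPLE, MASKED))
```

Run against a real response captured from your own server (with and without the masking filter) to see whether the filter changes anything beyond the banner.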
