Penetration Testing mailing list archives
Re: reverse proxy identification
From: AdamT <adwulf () gmail com>
Date: Mon, 15 Jan 2007 18:24:34 +0000
On 12/01/07, sami ghourabi <sami.ghourabi () icn com tn> wrote:
When I browse to the IPs with firefox, I recieve several messages "No web site is configured at this address." for some IP. Does anybody here know if this message is specific to a given reverse proxy/web server product ?
IIS 4, 5 or 6. The server is being used to host several virtual web servers, and the page returned depends on the host: header sent by the browser. If you send something like: GET / HTTP/1.0 host: www.example.com and www.example.com is one of the virtual servers configured, you'll get the web page sent back to you. If you don't send a host: header, or the host specified isn't on that server, you'll get the "no web site is configured at this address". Host: headers are usually worked out by the browser, based on the DNS name specified in the URL. Easiest thing to do to change the host header sent by firefox will be to add entries to your /etc/hosts file (or %WINDIR%\System32\drivers\etc\hosts if you prefer) - and then use that hostname in the URL you're surfing to. See: http://support.microsoft.com/kb/300238 for more info. Unfortunately, I'm not aware of an easy way of enumerating which virtual hosts are configured on the server. If possible, try getting a zone transfer from one of their DNS servers to see which A and CNAME records are configured to point at that IP address. Otherwise, you're stuck with trickier methods, like sniffing traffic to see which host headers are in use, or trying to get the info from some of the end users. Maybe do a search for web pages and usenet postings containing 'example.com', and seeing what comes up. -- AdamT "A casual stroll through the lunatic asylum shows that faith does not prove anything." - Nietzsche ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- reverse proxy identification sami ghourabi (Jan 13)
- Re: reverse proxy identification Andy Ashley (Jan 15)
- RE: reverse proxy identification Paul Melson (Jan 15)
- Re: reverse proxy identification AdamT (Jan 15)
- Message not available
- Message not available
- Re: reverse proxy identification Olivier Meyer (Jan 16)
- Message not available
- Re: reverse proxy identification R. DuFresne (Jan 16)
- Re: reverse proxy identification Javier Fernández-Sanguino (Jan 19)
- <Possible follow-ups>
- Re: reverse proxy identification Faisal Khan (Jan 15)
- Re: reverse proxy identification sami.ghourabi (Jan 19)