Web server http protocol version support

[Marc Ruef <marc.ruef () computec ch>]

Dear list,

I am currently working on the upcoming release 3.0 of my Attack Tool Kit 
(ATK), an open vulnerability scanner and exploiting framework for 
Windows.[1]

In this case I try to increase the accuracy of the pattern matching 
based plugins to detect successfull web server vulnerability detection 
or exploitation. I am using regulary expressions to do this (See [2] for 
some examples).

When I was updating the (web server) plugins yesterday, a question came 
up: What kind of http protocols do popular web servers as like Apache or 
MS IIS support in responses? Is it always HTTP/1.1 no matter what http 
protocol version specification is given in the request[3]? What http 
protocol versions are planned? A new major release or just minor 
changes? What is the best expression to fetch successfull http requests 
now and in the future too[4]? Is the user able to deny the support for a 
specific protocol version and respond as 0.9 only for example?

Regards,

Marc

[1] http://www.computec.ch/projekte/atk/
[2] http://www.computec.ch/projekte/atk/plugins/pluginslist/pluginslist.html
[3] I took a look at the source code of the latest Apache release and 
saw that in some cases other http protocol versions are re-written/used. 
Usually the regulary 0.9, 1.0 and 1.1
[4] For example "HTTP/#.# *" when using the "like" regulary expressions 
of Visual Basic 6. It may be possible to be more accurate, isn't it? The 
Nessus plugins are often using very fuzzy pattern matching in this case.

--
Computer, Technik und Security                  http://www.computec.ch/
Meine private Webseite                    http://www.computec.ch/mruef/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html