Penetration Testing mailing list archives
RE: http fingerprinting
From: "Dieter Sarrazyn" <dsr () ascure com>
Date: Thu, 10 Apr 2003 11:41:24 +0200
Hi,

I'm not sure if this is what you're looking for, but a little trick I used with such a webserver was the following:

The webserver didn't give away its type & version when I used nc or telnet to grab its banners, but the following did work: start a sniffer (e.g. ethereal) and browse to the website (on the same host). Then use the follow TCP stream function of ethereal on the first Syn, Syn/Ack, Ack combination and you should see the server version.

At least this worked in my case, something worth trying?

Regards,
Dieter
-----Original Message-----
From: Rick Hoekman [mailto:rick () paranoia nl]
Sent: Wednesday 9 April 2003 2:57
To: pen-test () securityfocus com
Subject: http fingerprinting

Anyone know if there are tools to fingerprint webservers that do not give away their type and version? As far as I know there is a paper/thesis on one tool called HMAP.pl. You can read it here:
http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf

Thanks!
Rick

--
"I know that you all think that I'm paranoid" -- anonymous
"Paranoia is knowing all the facts" -- Woody Allen
"Paranoia is reality seen on a finer scale." -- Philo Gant, Strange Days
"Paranoia is heightened awareness" -- anonymous

--------------------------------------------------------------
Costs are climbing and complaints are rising as SPAM overloads your e-mail servers and Inboxes
SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it.
http://www.securityfocus.com/SurfControl-pen-test2
Download a free trial and see just what's going in and out of your organization.
--------------------------------------------------------------
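An added example, not part of the original message: a small parser that takes the text of a followed TCP stream and reports which response headers name the server software, so a server owner can compare what a bare nc/telnet request and a browser request disclose. The two streams, the host name and the `ExampleHTTPd/1.0` banner are constructed sample data, and the list of disclosing headers is an assumption.

```python
import re

# Assumed list of response headers that commonly name the server or its platform.
DISCLOSING = ("server", "x-powered-by", "via", "x-aspnet-version")
STATUS_LINE = re.compile(r"^HTTP/\d\.\d \d{3}")

def response_headers(stream):
    """Return one {name: value} dict per HTTP response in a followed stream."""
    responses, current = [], None
    for line in stream.splitlines():
        if current is None:
            if STATUS_LINE.match(line):   # request lines and bodies are skipped
                current = {}
        elif line == "":                  # blank line ends the header block
            responses.append(current)
            current = None
        elif ":" in line:
            name, value = line.split(":", 1)
            current[name.strip().lower()] = value.strip()
    if current is not None:               # stream cut off inside the headers
        responses.append(current)
    return responses

def disclosed(stream):
    """Identifying headers seen in any response of the stream."""
    found = {}
    for headers in response_headers(stream):
        for name in DISCLOSING:
            if name in headers:
                found[name] = headers[name]
    return found

def only_in_second(first, second):
    """Names of identifying headers present in `second` but not in `first`."""
    return sorted(set(disclosed(second)) - set(disclosed(first)))

# Constructed stream: bare request typed into nc/telnet, no banner in the reply.
NC_STREAM = ("HEAD / HTTP/1.0\r\n\r\n"
             "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Connection: close\r\n\r\n")
# Constructed stream: browser request to the same (hypothetical) host.
BROWSER_STREAM = ("GET / HTTP/1.1\r\nHost: www.example.test\r\n"
                  "User-Agent: Mozilla/5.0 (constructed)\r\nAccept: */*\r\n\r\n"
                  "HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.0\r\n"
                  "Content-Type: text/html\r\nContent-Length: 13\r\n\r\n"
                  "<html></html>")

if __name__ == "__main__":
    print("nc/telnet :", disclosed(NC_STREAM))
    print("browser   :", disclosed(BROWSER_STREAM))
    print("extra     :", only_in_second(NC_STREAM, BROWSER_STREAM))
```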
Current thread:
- http fingerprinting Rick Hoekman (Apr 09)
- Re: http fingerprinting Eric Haugh (Apr 10)
- Re: http fingerprinting Franck Veysset (Apr 10)
- Re: http fingerprinting Nicolas Gregoire (Apr 10)
- Re: http fingerprinting Wojciech Pawlikowski (Apr 10)
- Re: http fingerprinting shawnmer (Apr 11)
- <Possible follow-ups>
- Re: http fingerprinting Bill Pennington (Apr 10)
- RE: http fingerprinting Dieter Sarrazyn (Apr 10)