Penetration Testing mailing list archives

Re: http fingerprinting

From: shawnmer <shawnmer () io com>
Date: Thu, 10 Apr 2003 17:42:56 -0500 (CDT)

Hi,

Jeremiah Grossman gave a presentation at Seattle Blackhat 03 that may shed 
some light on this...in particular he covers using OPTIONS as unique 
identifiers.

http://www.blackhat.com/presentations/bh-asia-02/bh-asia-02-grossman.pdf

Thanks,

-scm



RH:Rick Hoekman

RH>Anyone know if there are tools to fingerprint webservers that do not
RH>give away their type and version?
RH>
RH>As far as I know there is a paper/thesis on one tool called HMAP.pl. You
RH>can read it here http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf
RH>
RH>Thanks!
RH>
RH>Rick
RH>
RH>


--------------------------------------------------------------
Costs are climbing and complaints are rising
as SPAM overloads your e-mail servers and Inboxes
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it.
http://www.securityfocus.com/SurfControl-pen-test2
Download a free trial and see just
what's going in and out of your organization. 
--------------------------------------------------------------

Current thread:

http fingerprinting Rick Hoekman (Apr 09)
- Re: http fingerprinting Eric Haugh (Apr 10)
- Re: http fingerprinting Franck Veysset (Apr 10)
- Re: http fingerprinting Nicolas Gregoire (Apr 10)
- Re: http fingerprinting Wojciech Pawlikowski (Apr 10)
- Re: http fingerprinting shawnmer (Apr 11)
- <Possible follow-ups>
- Re: http fingerprinting Bill Pennington (Apr 10)
- RE: http fingerprinting Dieter Sarrazyn (Apr 10)