Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Web App fingerprinting

From: offset <offset () svcroot net>
Date: Mon, 20 Mar 2006 17:59:47 +0200
This thread may interest you.

http://seclists.org/lists/pen-test/2006/Jan/0210.html
http://seclists.org/lists/pen-test/2006/Jan/0249.html

-off

On Mon, Mar 20, 2006 at 05:19:18PM +1100, Ivan . wrote:

Hi

Just wondering if anyone has come across a resource for Web and Web
App fingerprinting?

There is this for matching "ETag:" variable in the headers
Like http://net-square.com/httprint/httprint_paper.html

I am looking for something similar for Cookies?
For example
Cookie: .ASPXANONYMOUS=<insertlotsofcharacters>;
Is obviously a Microsoft IIS running .NET

Set-Cookie:WebLogicSession=<insertlotsofcharacters>; path=/
is BEA Weblogic

Cookie: JSESSIONID=<insertlotsofcharacters>.appwp34
Apache Tomcat??

Thanks
Ivan


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: