Penetration Testing mailing list archives
Re: Pentesting a Web Applicaton behind Akamai Technology
From: Dotzero <dotzero () gmail com>
Date: Thu, 17 May 2007 12:19:00 -0400
On 16 May 2007 13:41:54 -0000, grd () netexpert ch <grd () netexpert ch> wrote:
Hi everybody, I'm doing a Pentest on a Web Application for a client. The only information I have is the DNS name of the website. After doing the basic steps of footprint and enumeration, I found out that the IP adress of the website is not in the IP range of the client and is owned by Akamai Technology. It means that if I'm going on with the furter steps of pentesting, I'll pentest Akamai and not the "real" website of the client. Is there a way to find the "real" IP address of the website ? Has everyone faced this kind of configuration ? For information, this is the header of the website when attempting a page that doesn't exist :
It is possible that there is no "Real" IP address of the website. Akamai has a service offering called netstorage. Some of their customers upload the files to netstorage and they pull them from netstorage when their edgeservers get a request. They also have an offering called edgecomputing where the application lives on their servers. The fact that you were given "Akamai" does not automagically mean there is an origin server. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Pentesting a Web Applicaton behind Akamai Technology grd (May 16)
- RE: Pentesting a Web Applicaton behind Akamai Technology peter.schaub (May 16)
- Re: Pentesting a Web Applicaton behind Akamai Technology Lee Lawson (May 17)
- Pentesting a Web Applicaton Stong, Ian C CTR DISA GIG-CS (May 31)
- Re: Pentesting a Web Applicaton Ed Hottle (May 31)
- Re: Pentesting a Web Applicaton Anders Thulin (May 31)
- RE: Pentesting a Web Applicaton Erin Carroll (May 31)
- Re: Pentesting a Web Applicaton behind Akamai Technology Lee Lawson (May 17)
- RE: Pentesting a Web Applicaton behind Akamai Technology peter.schaub (May 16)
- Re: Pentesting a Web Applicaton behind Akamai Technology Dotzero (May 17)