Results 1 to 5 of 5

Thread: HTTP Fingerprinting

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207

    HTTP Fingerprinting

    Just giving you a link to this article I wrote a while ago, thought it may interest people. I'll paste the abstract

    HTTP Fingerprinting

    HTTP servers often provide a signature with their responses which informs the client of the version. However recently many servers have begun to remove this signature, or even to lie. This article explains how we can fingerprint servers, thus identifying them independently of the signature. I also provide an implementation.
    The full article may be found here

    http://projectz.org/?id=142

    Dunno if this is the right forum, it seemed as good as any.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Why do you use GET instead of HEAD to get the headers? Interesting idea though.
    Did you notice any difference in response to a HTTP/1.0 and HTTP/1.1 request?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    SirDice, one reason I would use the actual GET versus the HEAD is that it might set off alarms of a site or might be filtered out entirely...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by nebulus200
    SirDice, one reason I would use the actual GET versus the HEAD is that it might set off alarms of a site or might be filtered out entirely...

    /nebulus
    Probably not or they will break alot of ppl's browsers. IE uses HEAD alot to find out if the page is newer then the one in the cache. Newer versions of IE also tend to send a PROPFIND before a HEAD and GET.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Why do you use GET instead of HEAD to get the headers?
    Hmm, not sure. I guess that's just how I made it. I haven't tested whether it would work with HEAD.

    Initially I tried some other methods too, but didn't get enough useful stuff back to care. I tried using OPTIONS and also a nonexistent method, but didn't get any particularly unique responses.

    Did you notice any difference in response to a HTTP/1.0 and HTTP/1.1 request?
    Some web servers don't support HTTP/1.1, I did think of that. Just they are not the main ones I'm interested in.

    Some web servers or caches send a 1.0 response to a 1.1 request, but certainly in the case of Apache, that is configureable on a per-user-agent basis (as a work around for broken clients)

    I haven't tried exotic stuff like chunked responses, or partial content requests. That might be of use, but would require more effort to understand.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •