-
April 25th, 2003, 02:03 PM
#1
HTTP Fingerprinting
Just giving you a link to this article I wrote a while ago, thought it may interest people. I'll paste the abstract:
HTTP Fingerprinting
HTTP servers often provide a signature with their responses which informs the client of the version. However, recently many servers have begun to remove this signature, or even to lie. This article explains how we can fingerprint servers, thus identifying them independently of the signature. I also provide an implementation.
The full article may be found here:
http://projectz.org/?id=142
Dunno if this is the right forum, it seemed as good as any.
-
April 25th, 2003, 03:09 PM
#2
Why do you use GET instead of HEAD to get the headers? Interesting idea though.
Did you notice any difference in response to an HTTP/1.0 and HTTP/1.1 request?
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 25th, 2003, 03:14 PM
#3
SirDice, one reason I would use the actual GET versus the HEAD is that it might set off alarms of a site or might be filtered out entirely...
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
April 25th, 2003, 04:00 PM
#4
Originally posted here by nebulus200
SirDice, one reason I would use the actual GET versus the HEAD is that it might set off alarms of a site or might be filtered out entirely...
/nebulus
Probably not, or they will break a lot of people's browsers. IE uses HEAD a lot to find out if the page is newer than the one in the cache. Newer versions of IE also tend to send a PROPFIND before a HEAD and GET.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 25th, 2003, 06:57 PM
#5
Why do you use GET instead of HEAD to get the headers?
Hmm, not sure. I guess that's just how I made it. I haven't tested whether it would work with HEAD.
Initially I tried some other methods too, but didn't get enough useful stuff back to care. I tried using OPTIONS and also a nonexistent method, but didn't get any particularly unique responses.
Did you notice any difference in response to an HTTP/1.0 and HTTP/1.1 request?
Some web servers don't support HTTP/1.1; I did think of that. They are just not the main ones I'm interested in.
Some web servers or caches send a 1.0 response to a 1.1 request, but certainly in the case of Apache, that is configurable on a per-user-agent basis (as a workaround for broken clients).
I haven't tried exotic stuff like chunked responses, or partial content requests. That might be of use, but would require more effort to understand.
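An added example, not part of the thread and not the implementation from the linked article: an offline check of why removing or falsifying the Server header does not hide a server's identity. The feature set (response version, status, order and capitalisation of header names) is an assumption chosen for illustration, and the sample responses and both server "profiles" are constructed.

```python
"""Offline sketch: fingerprint HTTP responses without trusting the Server header."""

def parse_head(raw: bytes):
    """Return (version, status, [header names in wire order]) for a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    version, status = status_line.split(" ", 2)[:2]
    names = [line.split(":", 1)[0] for line in header_lines if ":" in line]
    return version, int(status), names

def fingerprint(raw: bytes):
    """Signature-independent features: response version, status, and the
    order and capitalisation of header names. The Server header is dropped
    entirely, so a removed or falsified banner does not change the result."""
    version, status, names = parse_head(raw)
    return (version, status, tuple(n for n in names if n.lower() != "server"))

def build(version, headers):
    """Assemble a constructed sample response (200 OK, 5-byte body)."""
    lines = [f"{version} 200 OK"] + [f"{k}: {v}" for k, v in headers]
    return ("\r\n".join(lines) + "\r\n\r\nhello").encode("iso-8859-1")

# Constructed samples. Profiles A and B are hypothetical servers, not real products.
A_TAIL = [("Accept-Ranges", "bytes"), ("Content-Length", "5"),
          ("Content-Type", "text/html")]
A_HONEST = build("HTTP/1.1", [("Date", "Fri, 25 Apr 2003 14:03:00 GMT"),
                              ("Server", "ExampleServer/1.0")] + A_TAIL)
A_LYING = build("HTTP/1.1", [("Date", "Fri, 25 Apr 2003 18:57:00 GMT"),
                             ("Server", "OtherServer/9.9")] + A_TAIL)
A_STRIPPED = build("HTTP/1.1", [("Date", "Fri, 25 Apr 2003 19:10:00 GMT")] + A_TAIL)
# Profile B answers a 1.1 request with a 1.0 response and orders headers differently.
B_HONEST = build("HTTP/1.0", [("Server", "OtherServer/9.9"),
                              ("Content-type", "text/html"),
                              ("Content-Length", "5"),
                              ("Date", "Fri, 25 Apr 2003 18:57:00 GMT")])

if __name__ == "__main__":
    for label, raw in [("A honest", A_HONEST), ("A lying", A_LYING),
                       ("A stripped", A_STRIPPED), ("B honest", B_HONEST)]:
        print(f"{label:10} {fingerprint(raw)}")
```

A lying and B honest carry the same banner here, yet their fingerprints differ, while all three profile A responses match each other.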