HTTP finger printing

**Grease** · June 24th, 2004, 06:05 PM

Anyone, what is HTTP Fingerprinting and how can I use CGI to prevent it?

**thread_killer** · June 24th, 2004, 06:18 PM

Google is your friend.

I feel lucky

**TmBerg** · June 24th, 2004, 10:11 PM

Pretty easy to prevent detection.

***slarty*** · June 24th, 2004, 10:56 PM

I should refer the OP to my article on ProjectZ.org which contains a discussion of HTTP fingerprinting.

You can't prevent it too easily with CGI, your best bet is to install third party web server plugins, or use a load/balancer or other redirector of some kind to obfuscate your headers.

The article is here

Slarty

**mmkhan** · June 25th, 2004, 11:40 AM

Hi all,

A great article and tool for HTTP fingerprinting
http://net-square.com/httprint/httprint_paper.html

HMAP
http://ujeni.murkyroc.com/hmap/

HMAP: A Technique and Tool For Remote Identification of HTTP fingerprinting
http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf

Detecting and Defending against Web-Server Fingerprinting
http://acsac.org/2002/papers/96.pdf

No method available for counter measure through CGI.

currently i m doing project on effective methods for HTTP fingerprinting and for their countermeasures and in that regard i have written a tool that is still in its beta phase.

Thanks

Thread: HTTP finger printing

Thread Tools

Display

HTTP finger printing

HTTP fingerprinting

Posting Permissions