Thread: White Paper : Automated Web application fingerprinting

  1. #1
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1

    White Paper : Automated Web application fingerprinting

    Hi all,

    Recently I have been studying web application fingerprinting and related automation.
    I have collected all my work in a whitepaper.

    This paper discusses the relatively nascent field of web application fingerprinting, how automated web application fingerprinting is performed in current scenarios, what the visible shortcomings in the approach are, and then discusses ways and means to avoid web application fingerprinting.

    Eagerly waiting to hear responses.


    BLOG POST : http://blog.anantshri.info/white-pap...nd-prevention/

    WHITE PAPER : HTML : http://anantshri.info/articles/web_a..._printing.html

    WHITE PAPER : PDF : http://www.slideshare.net/anantshri/...ing-whitepaper

    WHITE PAPER PDF DOWNLOAD : http://www.slideshare.net/anantshri/...aper/download/

  2. #2
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    very nice reading ... TFS
    also can you plz elaborate a little of the File and Folder Presence (HTTP response codes) section .. it will be very helpful
    In the world of 0s and 1s, are you a zero or The One !

  3. #3
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1
    Quote Originally Posted by abhaythehero View Post
    very nice reading ... TFS
    also can you plz elaborate a little of the File and Folder Presence (HTTP response codes) section .. it will be very helpful
    File and folder presence basically refers to the habit of automated tools and/or people doing manual inspection of drawing conclusions on the basis of the existence of a folder.

    For example, if a folder named phpmyadmin is present, it's concluded that they have phpmyadmin installed.

    Or, in the case of the code snippets I have given, something like a wp-content or wp-admin folder or a wp-login.php file can make them believe it's WordPress.

    Also, what I have described is that earlier there used to be a clear distinction: 200 OK for page found, 404 for Not Found. However, site owners now have a habit of using custom 404 pages and sending 200 OK for 404s as well, and hence the technique nowadays is to try some highly probable non-existing file and note its 404 page as the reference 404,

    and then do the 200 OK and 404 Not Found checks.
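Added example, not part of the thread or the white paper: a Python illustration of the reference-404 comparison described in post #3, run against a constructed in-memory site, showing how a status-only check mislabels a site that answers 200 OK for missing pages. `constructed_site`, its page bodies, the probe path and the 0.9 threshold are assumptions made for the example.

```python
import difflib

# Constructed stand-in for a site that answers every miss with a custom
# error page and status 200; only /wp-login.php really exists.
NOT_FOUND = ("<html><body><h1>Sorry, page not found</h1>"
             "<p>Nothing lives at {path}. Try the search box.</p></body></html>")
LOGIN = ("<html><body><form action='wp-login.php' method='post'>"
         "<input name='log'><input name='pwd' type='password'></form></body></html>")

def constructed_site(path):
    if path == "/wp-login.php":
        return 200, LOGIN
    return 200, NOT_FOUND.format(path=path)

def naive_check(path, fetch):
    """Status-only logic: 200 means the file or folder exists."""
    status, _ = fetch(path)
    return status == 200

def normalise(body, path):
    # Error pages often echo the requested path; mask it before comparing.
    return body.replace(path, "{PATH}")

def baseline_check(path, fetch, probe="/zz-no-such-file-7d1e.html", threshold=0.9):
    """Compare the answer for `path` with a reference answer for a path
    that is almost certainly absent (the 'reference 404')."""
    ref_status, ref_body = fetch(probe)
    status, body = fetch(path)
    if status == 404:
        return "absent"
    if status != 200:
        return "inconclusive"   # redirects, 401/403, 5xx need their own handling
    if ref_status == 200:
        ratio = difflib.SequenceMatcher(
            None, normalise(ref_body, probe), normalise(body, path),
            autojunk=False).ratio()
        if ratio >= threshold:
            return "absent (soft 404)"
    return "present"

def survey(paths, fetch=constructed_site):
    """Map each path to (naive verdict, baseline verdict)."""
    return {p: (naive_check(p, fetch), baseline_check(p, fetch)) for p in paths}

if __name__ == "__main__":
    for path, result in survey(["/phpmyadmin/", "/wp-admin/", "/wp-login.php"]).items():
        print(path, result)
```
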

  4. #4
    Network Security Administrator Hackuin's Avatar
    Join Date
    Apr 2011
    Location
    10011001 10011001
    Posts
    104
    @Anant:
    Very good paper mate.

    @abhay:

    You need to understand the HTTP protocol first. If you are manually inspecting, be careful with the HTTP version you are working with. For example:

    If we are coding/inspecting whether the folder "/forum/index.php" is present on "http://wwww.andhrahackers.com", watch the key difference in the image.
    Although we are requesting the same page in both queries, we get different status codes. Because here, in HTTP/1.1, it's mandatory for virtual hosts where different DNS names share the same IP. I have seen a few people coding buggy self-made quick spiders, which results in false+ve results.

    "Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."
    "Microsoft is not the answer. Microsoft is the question. NO (or Linux) is the answer."
    "Ubuntu - Linux For Human Beings."

    Currently reading books:
    Integrating Forensic Investigation Methodology into eDiscovery -- by Colin Chisholm.
    Digital Forensics with Open Source Tools -- by Cory Altheide && Harlan Carvey.

  5. #5
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    This would save some time for me on something I would be working on, obviously not the prevention mechanism :P, but I consider this as one good source of methodologies to do good fingerprinting, especially those parts where you have detailed multiple tools and how their fingerprinting works. Thanks for the share.
    Hacking Is a Matter of Time Knowledge and Patience

  6. #6
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1
    Quote Originally Posted by fb1h2s View Post
    This would save some time for me on something I would be working on, obviously not the prevention mechanism :P, but I consider this as one good source of methodologies to do good fingerprinting, especially those parts where you have detailed multiple tools and how their fingerprinting works. Thanks for the share.
    The ultimate aim was always to encourage automation; however, the problem is that people think enough automation has been done, so I made this to make them realize that lots of automation and lots of logic building are still required.

  7. #7
    @Hackuin: If I am seeing it right, the image that you have posted is making requests over HTTP/1.0 in both cases. Here's what I got when I did an HTTP/1.0 with and without the Host header and the HTTP/1.1 with and without the Host header.


  8. #8
    Network Security Administrator Hackuin's Avatar
    Join Date
    Apr 2011
    Location
    10011001 10011001
    Posts
    104
    @Karniv0re:
    That is the reason I said at the very first: be careful when inspecting manually or even coding an application. The behavior of HTTP is a little up-headed.

    Code:
    HEAD /forum/index.php HTTP/1.0
    Host: www.andhrahackers.com

    We know "www" is just a convention from a classic misconception. As most people think websites start with "www", most webmasters use www.somesite.com and redirect somesite.com. So is the case here:

    If you specify the Host field without "www", it will redirect you to an alternative URI. As a 302 should always contain an alternative URI, the browser will automatically follow the URI, so we rarely see the 302 redirects.
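Added example, not written by any poster in this thread: a Python model of name-based virtual hosting that shows why the same `HEAD /forum/index.php` request yields different status codes depending on the HTTP version and the Host header, which is the source of the false results discussed above. The host names under `example.test`, the vhost table and the default-vhost choice are constructed assumptions; the 400 for an HTTP/1.1 request without Host follows the HTTP/1.1 specification.

```python
# Constructed name-based virtual host table for one IP address.
VHOSTS = {
    "www.example.test": {"/forum/index.php"},   # the site being checked
    "other.example.test": {"/index.html"},      # unrelated site on the same IP
}
DEFAULT_VHOST = "other.example.test"            # assumed fallback when no Host is sent
REDIRECTS = {"example.test": "www.example.test"}

def parse_request(raw):
    """Return (method, path, version, headers) from raw request text."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, version, headers

def respond(raw):
    """Return (status, location) for this model of a vhost server."""
    _, path, version, headers = parse_request(raw)
    host = headers.get("host", "").lower()
    if not host:
        if version == "HTTP/1.1":
            return 400, None                    # Host is mandatory in HTTP/1.1
        host = DEFAULT_VHOST                    # HTTP/1.0: server has to guess
    if host in REDIRECTS:
        return 302, "http://%s%s" % (REDIRECTS[host], path)
    if path in VHOSTS.get(host, ()):
        return 200, None
    return 404, None

def build(version, host=None):
    """Build the raw HEAD request, with or without a Host header."""
    lines = ["HEAD /forum/index.php " + version]
    if host:
        lines.append("Host: " + host)
    return "\r\n".join(lines) + "\r\n\r\n"

def matrix():
    """Responses for each (version, Host) combination raised in the thread."""
    cases = [("HTTP/1.0", None), ("HTTP/1.0", "www.example.test"),
             ("HTTP/1.1", None), ("HTTP/1.1", "www.example.test"),
             ("HTTP/1.1", "example.test")]
    return {case: respond(build(*case)) for case in cases}

if __name__ == "__main__":
    for case, result in matrix().items():
        print(case, "->", result)
```

A checker that records only the status code would report the same existing page as missing, malformed, present or moved across these five requests, so it should always send the Host header and follow the 302 before deciding.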
