Monday, 1 October 2018

Web Application Fingerprinting

Description

The first step when performing a web application penetration test is to find the version of the web server and the web application. This lets us discover the known vulnerabilities affecting the web server and the web application. Along the way we collect a lot of information, such as the application name, software version, web server info, OS, and more.


How to Test  


There are several ways to identify the web server and web application details. Here we will use some of them.


HTTP response header to Fingerprint Web Server and Web Application.

This can be performed in different ways, but here we will do it with the netcat and telnet commands.

We will send an HTTP request using the HEAD method with the netcat command.



We will send an HTTP request using the HEAD method with the telnet command.



From the above HTTP response header we can identify:

1. The type of the web server, along with its version, from the Server field.
2. The type of the technology, along with its version, from the X-Powered-By field.
3. The operating system of the web server hosting the web application, which is Ubuntu.


Cookies to Fingerprint Web Application

Another way to determine the web application framework is to look for framework-specific cookies.
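
The header and cookie checks described above can also be run against a saved response, for example to audit what your own server discloses. This is an added example, not part of the original post: the sample response and its version strings are constructed, and the cookie table is a small illustrative subset.

```python
import re

# Assumption: a small, non-exhaustive subset of default session-cookie names.
COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
}

# Constructed sample response to a HEAD request; not captured from a real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.18 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.0.30\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (name, value) pairs from the header block, keeping repeated headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def fingerprint(raw):
    """Collect what the response discloses about server, technology, OS and framework."""
    found = {}
    for name, value in parse_headers(raw):
        if name == "server":
            found["server"] = value
            os_hint = re.search(r"\(([^)]+)\)", value)  # e.g. "(Ubuntu)"
            if os_hint:
                found["os"] = os_hint.group(1)
        elif name == "x-powered-by":
            found["technology"] = value
        elif name == "set-cookie":
            # Cookie names are case-sensitive, so an exact lookup is used.
            framework = COOKIE_HINTS.get(value.split("=", 1)[0].strip())
            if framework:
                found["cookie_framework"] = framework
    return found
```

An empty result from `fingerprint()` means none of these fields disclosed anything, which is the outcome a hardened server configuration aims for.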




HTML Source code to fingerprint web application

In some cases the web application framework and version can be discovered through source code inspection, so it is always worth looking there as well. You can see in the following example that we have discovered the application framework by looking at the comments and the footer tag.






File Extensions to fingerprint web application

Sometimes the file extension will disclose the web application technology.

 

In this post we saw a few methods for fingerprinting the web server and web application. There are more methods and different tools available to verify the fingerprinting result precisely.

 
Reference:

https://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint_(OWASP-IG-004)




