Http Fingerprinting And Advanced Assessment Techniques presented at Blackhat Europe 2004

by Saumil Udayan Shah, Director of Development, Net-square Solutions,

Tags: Security Web

Summary : This talk discusses some advanced techniques in automated HTTP server assessment which overcome efficiency problems and increase the accuracy of the tools. Two of the techniques discussed here include Web and Application server identification, and HTTP page signatures. Web and Application server identification allows for discovery of the underlying web server platform, despite it being obfuscated, and other application components which may be running as plug-ins. HTTP page signatures allow for advanced HTTP error detection and page groupings. A few other HTTP probing techniques shall be discussed as well. A free tool - HTTPRINT which performs HTTP fingerprinting, shall be released along with this presentation.