Blind Fury: An Alternate Web App Fingerprinting Technique presented at Security B-Sides London 2012

by Mike Shema

Tags: Security

Summary: Web app fingerprinting attempts to identify the type and version of JavaScript libraries and application frameworks installed on a web site. Accurate data provides clues to known vulnerabilities in the site's code and makes blackbox testing more efficient by providing useful feedback.
Traditional approaches to fingerprinting web apps rely on brute-force enumeration of pages, scraping content with regexes, or a hybrid of the two. This has drawbacks: page enumeration is bandwidth-intensive; its accuracy drops when "install" files are removed or pages are minified; regexes are prone to incorrect matches or are defeated by trivial site changes (such as removing <meta> content). These techniques tend to identify the presence of pages on a site, but do not indicate whether the files are actually used by the application.
Blind Fury uses a JavaScript-based approach that does not rely on page enumeration or regexes. Yet it is still able to identify several popular frameworks. In fact, the technique can be extended to generate fingerprints for almost any type of web site. It can create and analyze fingerprints from a completely blackbox perspective; it does not require prior knowledge of a target's directory structure.
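As an added illustration (not code from the talk or its author), the script below shows the kind of distinction a JavaScript-based approach can draw: it reads the version properties that popular libraries publish on the global object, so it reports only libraries the page actually executed, not files that merely exist on the server, and then checks them against a minimum-version baseline. The probe properties are the libraries' own public version fields; the `sampleWindow` object and `SAMPLE_BASELINE` are constructed placeholders for this example.

```javascript
// Added example (not from the talk or its author): fingerprinting libraries
// that are actually loaded in a page by reading their published version
// properties. A file that sits on the server but was never loaded has no
// global here, which is the presence-versus-use gap enumeration cannot close.
const LIBRARY_PROBES = {
  jQuery: (g) => (g.jQuery && g.jQuery.fn && g.jQuery.fn.jquery) || null,
  AngularJS: (g) => (g.angular && g.angular.version && g.angular.version.full) || null,
  Prototype: (g) => (g.Prototype && g.Prototype.Version) || null,
  "Underscore/Lodash": (g) => (g._ && g._.VERSION) || null,
};

// Return { libraryName: versionString } for every probe that hits.
function fingerprint(globalObject) {
  const found = {};
  for (const [name, probe] of Object.entries(LIBRARY_PROBES)) {
    const version = probe(globalObject);
    if (typeof version === "string") found[name] = version;
  }
  return found;
}

// Numeric dotted-version comparison returning -1, 0 or 1. Missing components
// count as 0; a trailing tag such as "2rc1" is read as 2 by parseInt.
function compareVersions(a, b) {
  const pa = a.split(".").map((s) => parseInt(s, 10) || 0);
  const pb = b.split(".").map((s) => parseInt(s, 10) || 0);
  const len = Math.max(pa.length, pb.length);
  for (let i = 0; i < len; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Defender-side use: compare what is actually loaded against an internal
// minimum-version baseline (placeholder values, not real advisory data).
function flagOutdated(detected, baseline) {
  return Object.entries(detected)
    .filter(([lib, ver]) => baseline[lib] && compareVersions(ver, baseline[lib]) < 0)
    .map(([lib, ver]) => ({ library: lib, found: ver, baseline: baseline[lib] }));
}

// Constructed stand-in for a browser's window object, so this runs in Node.
const sampleWindow = {
  jQuery: { fn: { jquery: "1.7.2" } },
  angular: { version: { full: "1.2.0" } },
  _: { VERSION: "1.3.3" },
  someAppGlobal: {}, // unrelated global, ignored by the probes
};
const SAMPLE_BASELINE = { jQuery: "1.9.0", AngularJS: "1.2.0" }; // placeholder policy
console.log(fingerprint(sampleWindow), flagOutdated(fingerprint(sampleWindow), SAMPLE_BASELINE));
```

In a browser the same probes run against `window`; the baseline values are where an organisation plugs in its own patch policy.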