Thursday, 16 October 2014

What Is a Web Server Fingerprinting Attack?

What is fingerprinting?

Fingerprinting is one of the most common first activities for attackers: they footprint the target's web presence and enumerate as much data as possible. With this data, the attacker can develop accurate attack scenarios that effectively exploit vulnerabilities in the software type and version used by the target host.

Fingerprinting Web Server:
Fingerprinting a web server is a critical task for the penetration tester. Knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing. Today there are many different vendors and versions of web servers on the market. Knowing the type of web server being tested significantly helps the testing activity and can also change the course of the test. This information can be derived by sending the web server specific commands and analyzing the results, as each version of web server software may respond differently to these commands.

Objective of the web server test:
Find out the version and type of a running web server to determine known vulnerabilities and the appropriate exploits to use during testing.

How to perform a web server fingerprinting test:

Black Box testing:
In black box testing, the simplest and most basic way to identify the web server is to look at the Server field in the HTTP response.
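As an added example (not part of the original post), the following Python code looks at the Server field from the defender's side: it parses captured HTTP responses and reports headers that disclose a product version. The sample responses are constructed, the function names are hypothetical, and the X-Powered-By check goes beyond the Server field the post mentions.

```python
import re

# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "verbose": (
        b"HTTP/1.1 200 OK\r\n"
        b"Date: Thu, 16 Oct 2014 10:00:00 GMT\r\n"
        b"Server: Apache/2.2.22 (Ubuntu) mod_ssl/2.2.22\r\n"
        b"X-Powered-By: PHP/5.3.10\r\n"
        b"Content-Type: text/html\r\n\r\n<html></html>"
    ),
    "hardened": (
        b"HTTP/1.1 200 OK\r\n"
        b"Server: Apache\r\n"
        b"Content-Type: text/html\r\n\r\n<html></html>"
    ),
    "no_banner": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

# A product token, optionally followed by "/version".
PRODUCT = re.compile(r"([A-Za-z][\w.+-]*)(?:/([\w.+~-]+))?")

def parse_headers(raw: bytes) -> dict:
    """Return the response headers as a dict keyed by lower-cased name."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def server_products(banner: str) -> list:
    """Split a banner into (product, version) pairs; version may be None."""
    banner = re.sub(r"\([^)]*\)", " ", banner)  # drop comments such as (Ubuntu)
    return [(m.group(1), m.group(2)) for m in PRODUCT.finditer(banner)]

def audit(raw: bytes) -> list:
    """Return (header, product, version) for every disclosed version."""
    headers = parse_headers(raw)
    findings = []
    for name in ("server", "x-powered-by"):
        for product, version in server_products(headers.get(name, "")):
            if version:
                findings.append((name, product, version))
    return findings
```

An empty result from `audit` means the banner carries no version string; it does not mean the server cannot be identified by its behavior.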

Protocol Behavior:
More sophisticated techniques take into consideration the various characteristics of the several web servers available on the market.

How to use automated testing on a web server:
Rather than rely on manual banner grabbing and analysis of the web server headers, a tester can use tools to get the same outcome. There are various tests to carry out in order to correctly fingerprint a web server, and some tools automate these tests. httprint is one such tool. It uses a signature dictionary that allows it to identify the type and the version of the web server in use.

Fingerprinting Methodologies:
Some fingerprinting methodologies are given below:
1. Identifying the web server version.
2. Identifying the web services technologies.
3. Identifying the backend database version.
4. Identifying the web application software.
5. Identifying the web architecture and topology.

Identifying the Web Server Version:
1. Differences in HTTP implementations.
2. Reviewing server banner information.
3. Error pages.
