Hackers of India

HTTP: Advanced Assessment Techniques

By Saumil Shah on 26 Feb 2003 @ Blackhat


Abstract

Saumil Udayan Shah, Director of Research & Development, NT OBJECTives Inc; Director, Net-Square Solutions Pvt. Ltd. [ IIS, SQL, ISA, etc. ]

The Fire and Water toolkit contains tools for both assessment and defense of web servers. This talk discusses some advanced techniques used in the F&W toolkit which overcome efficiency problems and greatly increase the accuracy of the tools. Two of the techniques discussed here include Web and Application server identification, and HTTP page signatures. Web and Application server identification allows for discovery of the underlying web server platform, despite it being obfuscated, and other application components which may be running as plug-ins. HTTP page signatures allow for advanced HTTP error detection and page groupings. A few other HTTP probing techniques shall be discussed as well. A Blackhat version of the Fire and Water toolkit will be specially released, which demonstrates the techniques being discussed. The current version of the Fire and Water toolkit, containing a preview of the techniques, is available for download from NT Objectives. A whitepaper is being prepared, which shall be available from the same URL.

AI Generated Summary (may contain errors)

The speaker is an expert in content summarization and discusses their approach to identifying page signatures, which involves ignoring minor differences (less than a certain percentage) in the string. They claim that their method works well for most practical purposes but may not be effective for pages with high degrees of randomness.

The speaker demonstrates their method using an ASP page with different parameters passed in, showing that the page signature remains the same despite varying parameters. They also discuss how fingerprinting can help identify parameters in a CGI page, suggesting that one approach is to crawl the site, group pages by signature, and eliminate 99% of pages, leaving only one resource.

Additionally, the speaker addresses questions about proxy servers, explaining that sometimes web servers behave like proxy servers due to misconfiguration (e.g., Squid server), design flaws (e.g., Compaq Insight Manager), or complex configurations involving front-end and back-end systems. They clarify that Apache by itself does not exhibit this behavior, but rather it is the result of configuration choices.

Overall, the speaker presents their expertise in content summarization and page signature identification, while also addressing related questions about fingerprinting and proxy servers.