Hackers of India

HTTP Fingerprinting & Advanced Assessment Techniques

By Saumil Shah on 31 Jul 2003 @ Blackhat


Presentation Material

Abstract

HTTP Fingerprinting and Advanced Assessment Techniques. Saumil Udayan Shah, Director, Net-Square Solutions

This talk discusses some advanced techniques in automated HTTP server assessment which overcome efficiency problems and increase the accuracy of the tools. Two of the techniques discussed here are web and application server identification, and HTTP page signatures. Web and application server identification allows discovery of the underlying web server platform, even when its banner is obfuscated, as well as other application components which may be running as plug-ins. HTTP page signatures allow for advanced HTTP error detection and page grouping. A few other HTTP probing techniques shall be discussed as well. A free tool, HTTPRINT, which performs HTTP fingerprinting, shall be released along with this presentation.
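The two techniques the abstract names, server identification from response traits and page signatures, can be illustrated with a small Python script. This is an added example written for this page; it is not HTTPRINT and not code from the talk. It parses constructed HTTP responses (no real host was contacted), extracts a header fingerprint (status line, Server banner, header order), checks the banner against an illustrative trait table (a constructed assumption, not HTTPRINT's real signature database), and computes a page signature from the response structure so that custom error pages served with status 200 are still grouped together. A defender can run the same logic against their own server to confirm that a changed Server banner is consistent with the rest of the response, and to see how error pages cluster regardless of status code.

```python
"""Toy HTTP fingerprint and page-signature helpers (added example, not HTTPRINT)."""
import hashlib
import re
from collections import defaultdict

# Constructed sample responses for this example; not captured from a real host.
# "/missing-a" and "/missing-b" are a custom "not found" page served with 200 OK.
# "/obfuscated" carries an IIS banner on a response whose header order looks Apache-like.
_COMMON_HEADERS = (
    "Date: Thu, 31 Jul 2003 10:00:00 GMT\r\n"
    "Server: Apache/1.3.27 (Unix)\r\n"
    "Content-Type: text/html\r\n"
    "Connection: close\r\n"
)
SAMPLE_RESPONSES = {
    "/": "HTTP/1.1 200 OK\r\n" + _COMMON_HEADERS + "\r\n"
         "<html><head><title>Home</title></head><body><h1>Welcome</h1></body></html>",
    "/missing-a": "HTTP/1.1 200 OK\r\n" + _COMMON_HEADERS + "\r\n"
         "<html><head><title>Error</title></head><body><p>No page /missing-a</p></body></html>",
    "/missing-b": "HTTP/1.1 200 OK\r\n" + _COMMON_HEADERS.replace(":00 GMT", ":07 GMT") + "\r\n"
         "<html><head><title>Error</title></head><body><p>No page /missing-b</p></body></html>",
    "/obfuscated": "HTTP/1.1 200 OK\r\n"
         + _COMMON_HEADERS.replace("Apache/1.3.27 (Unix)", "Microsoft-IIS/5.0") + "\r\n"
         "<html><head><title>Home</title></head><body><h1>Welcome</h1></body></html>",
}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def header_fingerprint(raw):
    """Traits that identify a server independently of the banner text."""
    status_line, headers, _ = parse_response(raw)
    version, _, rest = status_line.partition(" ")
    code, _, reason = rest.partition(" ")
    by_name = {n.lower(): v for n, v in headers}
    return {
        "version": version,
        "code": code,
        "reason": reason,
        "server": by_name.get("server", ""),
        "header_order": tuple(n.lower() for n, _ in headers),
    }


# Illustrative trait table (constructed assumption for this example): the relative
# order in which a banner family is expected to emit two headers.
EXPECTED_ORDER_TRAITS = {
    "apache": ("date", "server"),
    "microsoft-iis": ("server", "date"),
}


def banner_consistent(fp):
    """True/False if the banner's expected header order holds; None if no trait applies."""
    family = fp["server"].split("/")[0].lower()
    expected = EXPECTED_ORDER_TRAITS.get(family)
    if expected is None:
        return None
    try:
        positions = [fp["header_order"].index(h) for h in expected]
    except ValueError:
        return False
    return positions == sorted(positions)


TAG_RE = re.compile(r"<\s*(/?)\s*([a-zA-Z0-9]+)")


def page_signature(raw):
    """Short hash of the response structure, ignoring per-request values such as Date."""
    fp = header_fingerprint(raw)
    _, _, body = parse_response(raw)
    # Keep only the sequence of HTML tags so pages built from one template match.
    skeleton = " ".join(slash + tag.lower() for slash, tag in TAG_RE.findall(body))
    material = "|".join([fp["code"], fp["server"], ",".join(fp["header_order"]), skeleton])
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def group_by_signature(responses):
    """Map each page signature to the paths that produced it."""
    groups = defaultdict(list)
    for path, raw in responses.items():
        groups[page_signature(raw)].append(path)
    return dict(groups)


if __name__ == "__main__":
    for path, raw in SAMPLE_RESPONSES.items():
        fp = header_fingerprint(raw)
        print(path, fp["server"], "banner consistent:", banner_consistent(fp))
    for sig, paths in group_by_signature(SAMPLE_RESPONSES).items():
        print(sig, paths)
```

The two "missing" pages share one signature even though both report 200 OK, which is the error-detection case the abstract describes; the "/obfuscated" response is flagged because its header order does not match the family its banner claims.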

AI Generated Summary (may contain errors)

Here is a summarized version of the content:

The speaker is demonstrating a tool called datapipe, which allows users to tunnel RDP traffic over an HTTP proxy to an internal network that cannot be reached from the outside. This is achieved by modifying the original datapipe code written by Todd Vierling in 1995.

The modifications include binding to a specific source port and adding setsockopt() calls to make sockets quickly reusable. The speaker shows how the tool works, establishing a connection through the HTTP proxy and then handing off the TCP stream.

The demo highlights the effectiveness of datapipe even with traffic-intensive protocols like RDP. The speaker notes that this can be used to connect to any other TCP protocol, such as SSH or SQL Server.

The talk concludes with some final thoughts on automated web security assessment, emphasizing the importance of overcoming HTTP's customizable aspects and not relying on security through obscurity. The speaker also addresses some questions from the audience, including concerns about access control on the proxy and potential denial-of-service attacks using HTTPRINT.