Hackers of India

HTTP Fingerprinting & Advanced Assessment Techniques

 Saumil Shah 

2003/07/31


Presentation Material

Abstract

HTTP Fingerprinting and Advanced Assessment Techniques Saumil Udayan Shah, Director, Net-Square Solutions

This talk discusses some advanced techniques in automated HTTP server assessment which overcome efficiency problems and increase the accuracy of the tools. Two of the techniques discussed here include Web and Application server identification, and HTTP page signatures. Web and Application server identification allows for discovery of the underlying web server platform, despite it being obfuscated, and other application components which may be running as plug-ins. HTTP page signatures allow for advanced HTTP error detection and page groupings. A few other HTTP probing techniques shall be discussed as well. A free tool - HTTPRINT which performs HTTP fingerprinting, shall be released along with this presentation.