Fingerprinting Web Server

OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C7 PC-C7 CWE-200 ISO27001-A.18.1.3 WASC-13 WSTG-INFO-02

Web server fingerprinting is one of the critical tasks for a penetration tester. Knowing the type and version of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing. Likewise, getting information about the types and versions of the services that the web server uses helps to find known vulnerabilities and exploits for those services during the test. A penetration tester will store information related to how each type of web server responds to specific commands. The tester can send these commands to the web server, analyze the response, and compare it to the database of known signatures.

Example

    $ nc 202.41.76.251 80
    HEAD / HTTP/1.0
    
    HTTP/1.1 200 OK
    Date: Mon, 16 Jun 2003 02:53:29 GMT
    Server: Apache/1.3.3 (Unix)  (Red Hat/Linux)
    Last-Modified: Wed, 07 Oct 1998 11:18:14 GMT
    ETag: "1813-49b-361b4df6"
    Accept-Ranges: bytes
    Content-Length: 1179
    Connection: close
    Content-Type: text/html

    

By analyzing the response, in particular the Server header, the tester will know the server type. This gives the tester an idea of how to attack.

Impact

A tester can find any possible vulnerabilities in the application and can exploit those vulnerabilities to attack the system.

Mitigation / Precaution

  • Make sure to hide the web server type. At least make sure to hide the version number.
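To check that the mitigation is in place, the response headers can be audited for what they still reveal. The following is an added example, not part of the original page: the function names, the list of audited headers and the hardened response are assumptions made for illustration, and the first sample is an abridged copy of the response shown in the Example section.

```python
import re

# Headers audited for software banners (list chosen for this example).
BANNER_HEADERS = ("server", "x-powered-by")
COMMENT_RE = re.compile(r"\(([^)]*)\)")  # parenthesised comments, e.g. "(Unix)"

# Abridged copy of the response captured in the Example section of this page.
PAGE_RESPONSE = """HTTP/1.1 200 OK
Date: Mon, 16 Jun 2003 02:53:29 GMT
Server: Apache/1.3.3 (Unix)  (Red Hat/Linux)
Content-Type: text/html
"""
# Constructed sample: the same server after the version number is hidden.
HARDENED_RESPONSE = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

def parse_headers(raw):
    """Return {lowercased header name: value} from a raw HTTP response."""
    head = raw.replace("\r\n", "\n").lstrip("\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_banner(raw):
    """List (header, kind, detail) tuples for everything the banners reveal."""
    findings = []
    headers = parse_headers(raw)
    for name in BANNER_HEADERS:
        value = headers.get(name, "")
        for token in COMMENT_RE.sub(" ", value).split():
            product, _, version = token.partition("/")
            if any(ch.isdigit() for ch in version):
                findings.append((name, "version", f"{product} {version}"))
            else:
                findings.append((name, "product", product))
        for comment in COMMENT_RE.findall(value):
            findings.append((name, "platform", comment))
    return findings

def passes_mitigation(raw):
    """True when no banner header exposes a version number or platform."""
    return all(kind == "product" for _, kind, _ in audit_banner(raw))

if __name__ == "__main__":
    for label, raw in (("page", PAGE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, passes_mitigation(raw), audit_banner(raw))
```

On Apache httpd, `ServerTokens Prod` together with `ServerSignature Off` produces the hardened form of the header; on nginx, `server_tokens off` removes the version number.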
