Re: http fingerprinting
From: shawnmer (shawnmer@io.com)
Date: 04/11/03
- Previous message: Einecker, Leah: "RE: Proof of Concept Tool on Web Application Security"
- In reply to: Rick Hoekman: "http fingerprinting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 10 Apr 2003 17:42:56 -0500 (CDT) From: shawnmer <shawnmer@io.com> To: Rick Hoekman <rick@paranoia.nl>
Hi,
Jeremiah Grossman gave a presentation at Seattle Blackhat 03 that may shed
some light on this...in particular he covers using OPTIONS as unique
identifiers.
http://www.blackhat.com/presentations/bh-asia-02/bh-asia-02-grossman.pdf
Thanks,
-scm
RH:Rick Hoekman
RH>Anyone know if there are tools to fingerprint webservers that do not
RH>give away their type and version?
RH>
RH>As far as I know there is a paper/thesis on one tool called HMAP.pl. You
RH>can read it here http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf
RH>
RH>Thanks!
RH>
RH>Rick
RH>
RH>
--------------------------------------------------------------
Costs are climbing and complaints are rising
as SPAM overloads your e-mail servers and Inboxes
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it.
http://www.securityfocus.com/SurfControl-pen-test2
Download a free trial and see just
what's going in and out of your organization.
--------------------------------------------------------------
- Previous message: Einecker, Leah: "RE: Proof of Concept Tool on Web Application Security"
- In reply to: Rick Hoekman: "http fingerprinting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
