Pentesting a Web Applicaton behind Akamai Technology
- From: grd@xxxxxxxxxxxx
- Date: 16 May 2007 13:41:54 -0000
Hi everybody,
I'm doing a Pentest on a Web Application for a client. The only information I have is the DNS name of the website. After doing the basic steps of footprint and enumeration, I found out that the IP adress of the website is not in the IP range of the client and is owned by Akamai Technology. It means that if I'm going on with the furter steps of pentesting, I'll pentest Akamai and not the "real" website of the client.
Is there a way to find the "real" IP address of the website ?
Has everyone faced this kind of configuration ?
For information, this is the header of the website when attempting a page that doesn't exist :
HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 186
Expires: Wed, 16 May 2007 13:39:42 GMT
Date: Wed, 16 May 2007 13:39:42 GMT
Connection: close
Thanks,
Greg
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
- Follow-Ups:
- Re: Pentesting a Web Applicaton behind Akamai Technology
- From: Dotzero
- RE: Pentesting a Web Applicaton behind Akamai Technology
- From: peter.schaub
- Re: Pentesting a Web Applicaton behind Akamai Technology
- Prev by Date: Re: Sneaking a peek on Wlan in airports
- Next by Date: Re: Sneaking a peek on Wlan in airports
- Previous by thread: Controling the eip
- Next by thread: RE: Pentesting a Web Applicaton behind Akamai Technology
- Index(es):
Relevant Pages
|
