Web Application Penetration Testing
Sample output is presented on a screenshot below.

BlindElephant
Website: https://community.qualys.com/community/blindelephant
This tool works on the principle of comparing checksums of static files that differ between releases, which gives a very high quality of version fingerprinting. Because it hashes whole files rather than matching strings, it is not defeated by removed banners or generator tags; it does, however, depend on the target still serving the unmodified static files that its fingerprint database knows about.
Language: Python
Sample output of a successful fingerprint:
pentester$ python BlindElephant.py http://my_target drupal
Loaded /Library/Python/2.7/site-packages/blindelephant/dbs/drupal.pkl with 145 versions, 478 differentiating paths, and 434 version groups.
Starting BlindElephant fingerprint for version of drupal at http://my_target
Hit http://my_target/CHANGELOG.txt
File produced no match. Error: Retrieved file doesn’t match known fingerprint. 527b085a3717bd691d47713dff74acf4
Hit http://my_target/INSTALL.txt
File produced no match. Error: Retrieved file doesn’t match known fingerprint. 14dfc133e4101be6f0ef5c64566da4a4
Hit http://my_target/misc/drupal.js
Possible versions based on result: 7.12, 7.13, 7.14
Hit http://my_target/MAINTAINERS.txt
File produced no match. Error: Retrieved file doesn’t match known fingerprint. 36b740941a19912f3fdbfcca7caa08ca
Hit http://my_target/themes/garland/style.css
Possible versions based on result: 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 7.10, 7.11, 7.12, 7.13, 7.14
...
Fingerprinting resulted in:
7.14
Best Guess: 7.14
In this output a "no match" line means the file was retrieved (typically a locally edited copy, or a site that answers every URL with a 200 page) but its hash is unknown to the database, so it contributes nothing; only the files that did match narrow the candidate set, and the tool keeps the versions consistent with all of them, here ending at 7.14.

Wappalyzer
Website: http://wappalyzer.com
Wappalyzer is a browser plug-in for Firefox and Chrome. It works purely by regular expression matching and needs nothing beyond the page being loaded in the browser; it runs entirely at the browser level and presents its results as icons. Although it sometimes produces false positives, it is very handy for getting an immediate notion of which technologies were used to build a target website as soon as a page is browsed.
Sample output of the plug-in is presented on a screenshot below.
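The checksum-based version differencing that BlindElephant (above) relies on, as an added worked example written for this page rather than the tool's own code. The release files, paths, versions and the three target sites are all constructed here so it runs offline; a real database is built by hashing every static file of every published release. The example also shows the two failure modes a practitioner runs into: a target whose every URL returns the same 200 page (so no hash ever matches and the candidate set never narrows), and a target serving files from two different releases (empty intersection, which usually means a partial upgrade).

```python
import hashlib
from typing import Callable, Dict, List, Optional, Set, Tuple

FetchFn = Callable[[str], Optional[bytes]]   # path -> response body, or None on 404

# Constructed per-release file contents standing in for release tarballs.
# Paths, version numbers and bytes are made up for this example.
RELEASE_FILES: Dict[str, Dict[str, bytes]] = {
    "7.12": {
        "/misc/app.js": b"var App = {version: '7.12'};\n",
        "/themes/default/style.css": b"body { margin: 0 }\n",
        "/CHANGELOG.txt": b"App 7.12, 2012-02-01\n",
    },
    "7.13": {
        "/misc/app.js": b"var App = {version: '7.13'};\n",
        "/themes/default/style.css": b"body { margin: 0 }\n",   # unchanged since 7.12
        "/CHANGELOG.txt": b"App 7.13, 2012-05-02\n",
    },
    "7.14": {
        "/misc/app.js": b"var App = {version: '7.14'};\n",
        "/themes/default/style.css": b"body { margin: 0; padding: 0 }\n",
        "/CHANGELOG.txt": b"App 7.14, 2012-05-02\n",
    },
}


def md5hex(data: bytes) -> str:
    # MD5 is acceptable here: it identifies known files, it is not a security control.
    return hashlib.md5(data).hexdigest()


def version_key(v: str) -> Tuple[int, ...]:
    # "7.9" must sort before "7.10", so compare numerically rather than as strings.
    return tuple(int(part) for part in v.split("."))


def build_db(release_files: Dict[str, Dict[str, bytes]]) -> Dict[str, Dict[str, Set[str]]]:
    """path -> {md5 -> set of releases that ship exactly that file}."""
    db: Dict[str, Dict[str, Set[str]]] = {}
    for version, files in release_files.items():
        for path, body in files.items():
            db.setdefault(path, {}).setdefault(md5hex(body), set()).add(version)
    return db


def fingerprint(fetch: FetchFn, db: Dict[str, Dict[str, Set[str]]]) -> Tuple[Set[str], List[str]]:
    """Intersect the candidate releases over every path whose hash is known.

    A fetched file whose hash is unknown (a locally modified copy, or a
    'soft 404' page served with status 200 for any URL) is logged but does
    not narrow the candidates; this mirrors the 'File produced no match'
    lines in BlindElephant's output.  An empty intersection means the files
    come from more than one release.
    """
    all_versions = {v for hashes in db.values() for vs in hashes.values() for v in vs}
    candidates: Set[str] = set(all_versions)
    log: List[str] = []
    for path in sorted(db):
        body = fetch(path)
        if body is None:
            log.append(f"Miss {path}")
            continue
        digest = md5hex(body)
        versions = db[path].get(digest)
        if versions is None:
            log.append(f"Hit {path}: no match for {digest} (modified file or soft 404)")
            continue
        log.append(f"Hit {path}: possible versions {sorted(versions, key=version_key)}")
        candidates &= versions
        if not candidates:
            log.append("Files come from different releases (partial upgrade or mixed install)")
            break
    return candidates, log


def best_guess(candidates: Set[str]) -> Optional[str]:
    """The single release if the evidence pins one down, else None (ambiguous or inconsistent)."""
    return next(iter(candidates)) if len(candidates) == 1 else None


def dict_fetcher(site: Dict[str, bytes], soft404: Optional[bytes] = None) -> FetchFn:
    """Offline stand-in for HTTP GET over a constructed site map."""
    return lambda path: site.get(path, soft404)


DB = build_db(RELEASE_FILES)

# Constructed targets: site A runs 7.14 with a customised CHANGELOG, site B answers
# every path with the same 200 page, site C mixes files from two releases.
SITE_A = {**RELEASE_FILES["7.14"], "/CHANGELOG.txt": b"internal build, changelog removed\n"}
SITE_B: Dict[str, bytes] = {}
SITE_C = {"/misc/app.js": RELEASE_FILES["7.13"]["/misc/app.js"],
          "/CHANGELOG.txt": RELEASE_FILES["7.12"]["/CHANGELOG.txt"]}

if __name__ == "__main__":
    for name, fetch in (("A", dict_fetcher(SITE_A)),
                        ("B", dict_fetcher(SITE_B, soft404=b"<html>Not found</html>")),
                        ("C", dict_fetcher(SITE_C))):
        cands, log = fingerprint(fetch, DB)
        print(f"site {name}: " + "; ".join(log))
        print(f"  candidates={sorted(cands, key=version_key)} best guess={best_guess(cands)}")
```

To use it against a live host, replace `dict_fetcher` with a function that issues a GET for each path and returns the body only on a 200 response; the soft-404 case in site B is why a status check alone is not enough and the hash comparison is what actually carries the evidence.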
References
Whitepapers
• Saumil Shah: “An Introduction to HTTP fingerprinting” - http://www.net-square.com/httprint_paper.html
• Anant Shrivastava: “Web Application Finger Printing” - http://anantshri.info/articles/web_app_finger_printing.html
Remediation
The general advice is to run several of the tools described above against the application and to check the server logs, so as to understand exactly which requests and responses let an attacker identify the web framework. Repeating the scans after each change made to hide framework traces makes it possible to verify that the framework can no longer be identified by automated scans, and so to reach a better level of protection. Below are some specific recommendations grouped by the location of the framework marker, followed by some additional approaches worth considering.
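The regular expression matching that Wappalyzer performs on a loaded page (described above) and the re-check after hardening that the advice here calls for are two sides of the same routine, so one added example covers both. This is example code written for this page, not the plug-in's rule database or any project's code: the rule set is a small constructed one keyed by marker location (header, cookie, HTML), and the three HTTP responses are constructed by hand so it runs offline. The "before" response is the same application prior to the header, cookie and HTML changes recommended below; the third response mentions a framework path only in its text, to show how a rule that is not anchored to an attribute would produce the kind of false positive the Wappalyzer paragraph warns about.

```python
import re
from typing import List, NamedTuple, Tuple


class Marker(NamedTuple):
    technology: str
    location: str   # where the disclosure lives: header, cookie or html
    evidence: str   # the matched text, so the fix can be targeted


# Constructed signature set in the spirit of Wappalyzer's rules: one regular
# expression per marker location.  Written for this page; not the plug-in's own rules.
HEADER_RULES: List[Tuple[str, str, re.Pattern]] = [
    ("PHP", "x-powered-by", re.compile(r"\bPHP(?:/[\d.]+)?", re.I)),
    ("ASP.NET", "x-powered-by", re.compile(r"\bASP\.NET\b", re.I)),
    ("ASP.NET", "x-aspnet-version", re.compile(r"[\d.]+")),
    ("Apache", "server", re.compile(r"\bApache(?:/[\d.]+)?", re.I)),
    ("nginx", "server", re.compile(r"\bnginx(?:/[\d.]+)?", re.I)),
]
COOKIE_RULES: List[Tuple[str, re.Pattern]] = [
    ("PHP", re.compile(r"^PHPSESSID=")),
    ("Java Servlet", re.compile(r"^JSESSIONID=")),
    ("ASP.NET", re.compile(r"^ASP\.NET_SessionId=")),
]
# Path rules are anchored to src/href attributes so that a page that merely
# talks about /wp-content/ in its text is not reported as running WordPress.
HTML_RULES: List[Tuple[str, re.Pattern]] = [
    ("WordPress", re.compile(r'<meta[^>]+name="generator"[^>]+content="WordPress[^"]*"', re.I)),
    ("WordPress", re.compile(r'(?:src|href)="[^"]*/wp-(?:content|includes)/', re.I)),
    ("WordPress", re.compile(r"<!--[^>]*WordPress[^>]*-->", re.I)),
    ("Drupal", re.compile(r'<meta[^>]+name="generator"[^>]+content="Drupal[^"]*"', re.I)),
    ("Drupal", re.compile(r'(?:src|href)="[^"]*/(?:misc/drupal\.js|sites/all/)', re.I)),
]


def parse_response(raw: bytes) -> Tuple[List[Tuple[str, str]], str]:
    """Split a raw HTTP/1.1 response into (header list, body).

    Headers are kept as a list rather than a dict because Set-Cookie
    legitimately repeats and every cookie name has to be inspected.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]      # drop the status line
    headers: List[Tuple[str, str]] = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body.decode("utf-8", "replace")


def fingerprint(raw: bytes) -> List[Marker]:
    """Return every framework disclosure found in one response, by location."""
    headers, html = parse_response(raw)
    found: List[Marker] = []
    for name, value in headers:
        for tech, header, rule in HEADER_RULES:
            if name != header:
                continue
            m = rule.search(value)
            if m:
                found.append(Marker(tech, "header", f"{name}: {m.group(0)}"))
        if name == "set-cookie":
            for tech, rule in COOKIE_RULES:
                if rule.search(value):
                    found.append(Marker(tech, "cookie", value.split(";")[0]))
    for tech, rule in HTML_RULES:
        for m in rule.finditer(html):
            found.append(Marker(tech, "html", m.group(0)[:60]))
    return found


# Constructed responses: the same application before and after the remediation
# steps (headers trimmed, cookie renamed, generator tag and comment removed,
# assets moved out of the framework-specific folder).
BEFORE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.7 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/5.5.9\r\n"
    b"Set-Cookie: PHPSESSID=3f2a9c; Path=/; HttpOnly\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b'<html><head><meta name="generator" content="WordPress 3.9" />\n'
    b'<link rel="stylesheet" href="/wp-content/themes/corp/style.css">\n'
    b"</head><body><!-- Powered by WordPress --></body></html>"
)
AFTER = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: web\r\n"
    b"Set-Cookie: sid=3f2a9c; Path=/; HttpOnly; Secure\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b'<html><head><link rel="stylesheet" href="/static/style.css">\n'
    b"</head><body></body></html>"
)
# A page that only mentions a WordPress path in prose: must not be a hit.
PROSE = (
    b"HTTP/1.1 200 OK\r\nServer: web\r\nContent-Type: text/html\r\n\r\n"
    b"<html><body><p>Attackers often look for /wp-content/ on WordPress sites.</p></body></html>"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("prose only", PROSE)):
        print(label)
        for marker in fingerprint(raw) or [Marker("-", "-", "no framework markers")]:
            print(f"  {marker.technology:10} {marker.location:7} {marker.evidence}")
```

In practice the constructed bytes are replaced by a captured response (for example the output of `curl -i`), and the script is re-run after every configuration change: an empty result for the hardened response is the evidence that the markers in each location really are gone, while the "prose only" case is a reminder that a hit from a loosely written rule still needs confirming by hand.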
HTTP headers
Check the server and application configuration and disable or obfuscate every HTTP header that discloses the technologies in use (typically Server, X-Powered-By and X-AspNet-Version). Here is an interesting article about HTTP header obfuscation using NetScaler: http://grahamhosking.blogspot.ru/2013/07/obfuscating-http-header-using-netscaler.html
Cookies
It is recommended to change the default cookie names by editing the corresponding configuration files, since a framework's default session cookie name (PHPSESSID, JSESSIONID, ASP.NET_SessionId and the like) is one of the most reliable markers an attacker can read.
HTML source code
Manually check the contents of the HTML code and remove everything that explicitly points to the framework.
General guidelines:
• Make sure there are no visual markers disclosing the framework
• Remove any unnecessary comments (copyrights, bug information, framework-specific comments)
• Remove META and generator tags
• Use the company's own CSS or JS files and do not store those in a