
Finger Print Web Application Framework

Fingerprint web framework

Uploaded by

Shweta Mahajan

TEST CODE# OTG-INFO-008

TEST NAME Fingerprint Web Application Framework

REPORTED BY Shweta Mahajan

DATE 31/01/2023

RISK Critical

COMPLEXITY Critical

TEST SUMMARY

Evidence

● Fingerprint the components being used by the web application.

● One way to test for and identify a web framework is to look at the X-Powered-By field in the HTTP response header. Many tools can be used to fingerprint a target; the simplest one is netcat. Attempt to access all system objects with every HTTP method allowed by the server.

● Discover IP of domain: https://www.nslookup.io/

● $ ./whatweb reddit.com
● http://reddit.com [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[snooserv], IP[151.101.65.140], RedirectLocation[https://www.reddit.com/], UncommonHeaders[retry-after,x-served-by,x-cache-hits,x-timer], Via-Proxy[1.1 varnish]
● https://www.reddit.com/ [200 OK] Cookies[edgebucket,eu_cookie_v2,loid,rabt,rseor3,session_tracker,token], Country[UNITED STATES][US], Email[banner@2x.png,snoo-home@2x.png], Frame, HTML5, HTTPServer[snooserv], HttpOnly[token], IP[151.101.37.140], Open-Graph-Protocol[website], Script[text/javascript], Strict-Transport-Security[max-age=15552000; includeSubDomains; preload], Title[reddit: the front page of the internet], UncommonHeaders[fastly-restarts,x-served-by,x-cache-hits,x-timer], Via-Proxy[1.1 varnish], X-Frame-Options[SAMEORIGIN]

● Command:

● The supported methods ‘GET’ ‘HEAD’ ‘POST’ ‘OPTIONS’

Summary

● Identify the supported methods
● Identify system objects
● Modify the HTTP methods of the system objects and observe the outcome and trend across system objects.

VULNERABILITY SUMMARY

After modifying the HTTP methods with ‘OPTIONS’, ‘HEAD’ and ‘TRACE’, the system object's URL responded with information that could be used by an attacker to expand their attack surface.
EXPLOITATION

Web servers that respond to the ‘OPTIONS’, ‘TRACE’ and ‘HEAD’ HTTP methods expose other methods that are supported by the web server, allowing attackers to narrow and intensify their efforts.

The request itself may have malicious parameters, but that is separate from the method.

RECOMMENDED SOLUTION

By itself this is not really a vulnerability, but if there is no real use for certain methods, they only affect a system’s attack surface and ideally should be disabled unless required.

Verify that these alternate methods do not trigger actions without proper authentication or reveal information about the contents of the web app.

CONCLUSION

It should be noted that the web application uses a security control that lists HTTP verbs.
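
As an added example (not part of the original report), the following Python code checks a raw response, such as one captured with netcat from your own server, for the two things this report looks at: framework-revealing headers like X-Powered-By, and methods advertised in the Allow header beyond what the application needs. The header names other than X-Powered-By, the required-method set and the sample response are assumptions constructed for illustration.

```python
# Added example, not from the original report.
# Assumption: headers that commonly reveal the stack. X-Powered-By is the one
# the report names; the others are illustrative additions.
DISCLOSURE_HEADERS = ("x-powered-by", "server", "x-aspnet-version", "x-generator")
# Assumption: the methods this application actually needs.
REQUIRED_METHODS = frozenset({"GET", "HEAD", "POST"})

# Constructed sample response to an OPTIONS request (not from a real host).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleServer\r\n"
    "X-Powered-By: ExampleFramework 1.0\r\n"
    "Allow: GET, HEAD, POST, OPTIONS, TRACE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, {header: [values]})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines that have no colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def audit(raw, required=REQUIRED_METHODS):
    """Return findings: disclosure headers first, then unneeded methods."""
    _, headers = parse_response(raw)
    findings = [f"disclosure: {name}: {value}"
                for name in DISCLOSURE_HEADERS
                for value in headers.get(name, [])]
    # Allow can be repeated or comma-separated; normalise it to a set.
    allowed = {m.strip().upper()
               for value in headers.get("allow", [])
               for m in value.split(",") if m.strip()}
    findings += [f"unneeded method advertised: {m}"
                 for m in sorted(allowed - set(required))]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means the response neither names its stack in the listed headers nor advertises a method outside the required set.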
