Due to the fact that it is possible to infer the type and version of web

server/application that is being used by a target by correlating

information gathering by other Information Disclosure categories, we

will focus only on the HTTP Protocol implementation analyzation that

today's web fingerprinting tools utilize.

Examples:

All of the examples below demonstrate analysis techniques of the

composition and interpretation of HTTP requests by the target web

servers.

Implementation differences of the HTTP Protocol

Lexical   The lexical characteristics category covers variations in the

actual words/phrases used, capitalization and punctuation displayed

by the HTTP Response Headers.

Response Code Message   The error code 404, Apache reports

 Not Found  whereas Microsoft IIS/5.0 reports  Object Not Found .

Apache 1.3.29   404

Microsoft IIS/4.0   404

# telnet target1.com 80

# telnet target2.com 80

Trying target1.com...

Trying target2.com...

Connected to

Connected to

target1.com.

target2.com.

Escape character is

Escape character is

 ^] .

 ^] .

HEAD /non existent 

HEAD /non existent 

file.txt HTTP/1.0

file.txt HTTP/1.0

HTTP/1.1 404 Not Found

HTTP/1.1 404 Object Not

Date: Mon, 07 Jun 2004

Found

14:31:03 GMT

Server: Microsoft 

Server: Apache/1.3.29

IIS/4.0

(Unix) mod_perl/1.29

Date: Mon, 07 Jun 2004

14:41:22 GMT

71

Copyright 2004, Web Application Security Consortium. All rights reserved.