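Author: cnbird
1. Send the same HTTP request and get different responses
Send a single HTTP request, or a standard set of HTTP requests, to a server. Identifying the fingerprint accurately depends on the differences that show up in the responses.
2. Why fingerprint?
⑴ Determine version details and which patches may be installed
⑵ Determine the basic configuration
⑶ Develop countermeasures against fingerprinting
3. Common web servers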
Web server   July 2003   Percent   August 2003   Percent   Change
Apache       21353498    57.62     22859123      63.51     5.89
Microsoft    11866718    31.87     9139785       25.39     -6.48
Zeus         787071      2.11      765115        2.13      0.02
iPlanet      494568      1.33      486868        1.35      0.01
4. Server banners
HEAD / HTTP/1.1
host: www.host.com
Server: Apache/1.3.26(Unix)
Server: Microsoft-IIS/5.0
Server: Netscape-Enterprise/4.1
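5. WhiteHat's banner-grabbing tool
$wh_banner.pl http://host.com
Server: Apache/1.3.26(Unix)
I looked for this tool for a long time without finding it, so I plan to write one myself. I will publish it on my blog soon, and everyone is welcome to come and pick it up.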
6. HTTP/1.1 RFC 2616
http://www.ietf.org/rfc/rfc2616.txt
7. Apache banner
[cnbird@localhost]#telnet www.wiretrip.net 80
Trying 66.21.117.200.....
Connect to www.wiretrip.net
Escape character is '^]'.
OPTIONS * HTTP/1.1
Host: www.wiretrip.net
HTTP/1.1 200 OK
Date:Thu,12 Sep 2003 01:55:09 GMT
Content-Langth:0
Allow:GET,HEAD,OPTIONE,TRACE
8. OPTIONS *
HTTP request:
OPTIONS * HTTP/1.1
Host: www.host.com
HTTP response:
Allow:GET,HEAD,POST
9. Apache 1.3.x
[cnbird@localhost]$telnet www.netcraft.com 80
Trying 195.92.95.5...
Connected to www.netcraft.com.
Escape character is '^]'.
OPTIONS * HTTP/1.1
Host: www.netcraft.com
HTTP/1.1 200 OK
Date:Thu,12 Sep 2003 01:49:01 GMT
Server:Apache/1.3.26(Unix) mod_perl/1.27
Content-Length:0
Allow:GET,HEAD,OPTIONS,TRACE
Connection:close
10. Apache 2.0.x
[cnbird@localhost]$telnet www.apache.org 80
Trying 63.251.56.142...
Connected to www.apache.org.
Escape character is '^]'.
OPTIONS * HTTP/1.1
Host: www.apache.org
HTTP/1.1 200 OK
Date:Thu,12 Sep 2003 01:11:24 GMT
Server:Apache/2.0.41-dev (Unix)
Cache-Control:max-age=86400
Expires:Fri, 13 Sep 2003 01:11:24 GMT
Allow:GET,HEAD,POST,OPTIONS,TRACE
Content-Length:0
Content-Type:text/plain
11. Microsoft IIS 4.0
[cnbird@localhost]$telnet www8.compaq.com 80
Trying 161.114.19.218...
Connected to www8.compaq.com.
Escape character is '^]'.
OPTIONS * HTTP/1.1
Host:www8.compaq.com
HTTP/1.1 200 OK
Server:Microsoft-IIS/4.0
Date:Thu, 12 Sep 2003 02:11:!2 GMT
Public:OPTIONS,TRACE,GET,HEAD,POST,PUT,DELETE
Content-Length:0
12. Microsoft IIS 5.0/6.0
[cnbird@localhost]$telnet www.dell.com 80
Trying 143.166.83.63...
Connected to www.dell.com.
Escape character is '^]'.
OPTIONS * HTTP/1.1
Host: www.dell.com
HTTP/1.1 200 OK
Server:Microsoft-IIS/5.0
Date:Thu, 12 Sep 2003 02:02:24 GMT
P3P: CP="BUS CAO CNT COM CUR DEV DSP INT NAV OUR PSA PSD SAM STA TAI UNI"
PICS-Label: (pics-1.1 http://www.icra.org/ratingsv02.html" 1 r (cb 1 lz 1 nz 1 oz 1 vz 1) http://www.rsac.org/ratingsv01.htl 1 r (n 0 s 0 v 0 l 0))
P3P:policyref="http://www.dell.co/w3c/p3p.xml",CP="BUS CAO CNT COM CUR DEV DSP INT NAV OUR PSA PSD SAM STA TAI UNI"
Expires: Thu, 01 Dec 1994 8:00:00 GMT
Set-Cookie:SITESERVER=ID=538382e81a644ec3b74518d300cf567d;domain=.dell.com;path=/;expires=Wed, 12-Sep-2007 02:02:24 GMT;
Set-Cookie: SITESERVER_SESSION=ID=538382e81a644ec3b74518d300cf567d;domain=.dell.com;path=/;
Content-Length:0
Accept-Ranges:bytes
DASL:<DAV:sql>
DAV:1,2
Public:OPTIONS,TRACE,GET,HEAD,DELETE,PUT,POST,COPY,MOVE,MKOL,PROPFIND,PROPPATCH,LOCK,UNLOCK,SEARCH
Allow:OPTIONS,TRACE,GET,HEAD,DELETE,PUT,POST,COPY,MOVE,MKOL,PROPFIND,PROPPATCH,LOCK,UNLOCK,SEARCH
Cache-Control:private
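The captures in sections 9 to 12 differ in more than the Server line: the Apache responses send Date before Server and list methods in Allow, while the IIS responses send Server before Date and include a Public header. The following Python sketch is an added example, not code from the original article or from wh_banner.pl; its function names and its two heuristics are assumptions drawn only from the captures on this page.

```python
# Added example: classify captured OPTIONS responses by header traits, not only the banner.
# The heuristics are assumptions based on this page's captures, not a full fingerprint set.

def parse_headers(raw):
    """Return (status_line, [(name, value), ...]) preserving header order."""
    lines = [l for l in raw.strip().splitlines() if l.strip()]
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # captures often have no space after ':'
        if sep:  # skip anything that is not a header line
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def traits(raw):
    """Extract the traits on which the page's captures differ."""
    _, headers = parse_headers(raw)
    names = [n for n, _ in headers]
    values = dict(headers)
    order = None  # unknown when either header is missing
    if "server" in names and "date" in names:
        order = "server-first" if names.index("server") < names.index("date") else "date-first"
    return {"banner": values.get("server"), "order": order,
            "has_public": "public" in names, "has_allow": "allow" in names}

def guess_family(raw):
    """Guess the server family without reading the Server banner."""
    t = traits(raw)
    if t["has_public"] or t["order"] == "server-first":
        return "Microsoft-IIS"
    if t["has_allow"]:
        return "Apache"
    return "unknown"

# Response text copied from the Apache 1.3.x capture in section 9.
APACHE_13 = """HTTP/1.1 200 OK
Date:Thu,12 Sep 2003 01:49:01 GMT
Server:Apache/1.3.26(Unix) mod_perl/1.27
Content-Length:0
Allow:GET,HEAD,OPTIONS,TRACE"""

# Response text copied from the IIS 4.0 capture in section 11.
IIS_40 = """HTTP/1.1 200 OK
Server:Microsoft-IIS/4.0
Date:Thu, 12 Sep 2003 02:11:!2 GMT
Public:OPTIONS,TRACE,GET,HEAD,POST,PUT,DELETE
Content-Length:0"""

# Constructed: the IIS capture with its banner removed, as a banner-hiding filter would leave it.
IIS_NO_BANNER = "\n".join(l for l in IIS_40.splitlines() if not l.startswith("Server:"))
```

For a defender, the banner-less sample is the useful case: removing the Server line alone leaves the Public header in place, so the response is still attributable to the same server family.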
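13. The rest are web servers that are not commonly used, so I won't list them.
Anyone interested can ask me for the original text. You are also welcome to discuss UNIX intrusion methods and defenses with me (550669).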