-
-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP server fingerprinting #7
Comments
I looked into this. Here are some findings. Have Snare/Tanner running on port 8080 and 8090; then run:
So, Snare says that the server being used in nginx. Now, let's see what a server actually running nginx reports:
Hm, so this also returns the nginx version. Notice that the ordering of headers in this and snare's output is different. Now, let's see how Snare works against bad requests
Here, the |
Running nmap intense scan gives:
It also detected aiohttp server! |
I can't get httprint tool to play nice with snare.
|
@mzfr Do you have any suggestions how to improve that? |
@afeena In my opinion we can do the following
@glaslos what do you think about this ? |
Yes, making sure we consistently return the correct headers should be a good start. |
Investigate various forms of HTTP server fingerprinting methods and evaluate how SNARE is performing. A good starting point is https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002)
The text was updated successfully, but these errors were encountered: