-
-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
HTTP server fingerprinting #7
Comments
I looked into this. Here are some findings. Have Snare/Tanner running on port 8080 and 8090; then run:
So, Snare says that the server being used in nginx. Now, let's see what a server actually running nginx reports:
Hm, so this also returns the nginx version. Notice that the ordering of headers in this and snare's output is different. Now, let's see how Snare works against bad requests
Here, the |
Running nmap intense scan gives:
It also detected aiohttp server! |
I can't get httprint tool to play nice with snare.
|
@mzfr Do you have any suggestions how to improve that? |
@afeena In my opinion we can do the following
@glaslos what do you think about this ? |
Yes, making sure we consistently return the correct headers should be a good start. |
Investigate various forms of HTTP server fingerprinting methods and evaluate how SNARE is performing. A good starting point is https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002)
The text was updated successfully, but these errors were encountered: