Web Server/Application Fingerprinting
Attack Pattern ID: 170 (Standard Attack Pattern Completeness: Stub)Typical Severity: LowStatus: Draft
+ Description

Summary

An attacker sends a series of probes to a web server or application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web service fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.

+ Attack Prerequisites

Any web service can be fingerprinted. However, some configuration choices can limit the useful information an attacker may collect during a fingerprinting attack.

+ Resources Required

While simple fingerprinting can be accomplished with only a web browser, for more thorough fingerprinting an attacker requires a variety of tools to collect information about the target. These tools might include protocol analyzers, web-site crawlers, and fuzzing tools. Footprinting a service adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfCategoryCategory224Fingerprinting 
Mechanism of Attack (primary)1000
Back to top