lucifer
14-02-2008, 07:13 PM
Besides the well-known enumeration of http response status codes and header-ordering several other fingerprinting mechanisms were introduced. For example the capitalization of header lines, the use of spaces and the structure of ETag values (e.g. length and quotes).
There are nine test cases in which the behavior of the target service is mapped. These are:
* Legitimate GET request for an existing resource
* Very long GET request (>1024 bytes in URI)
* Common GET request for a non-existing resource
* common HEAD request for an existing resource
* Allowed method enumeration with OPTIONS
* Isually not permitted http method DELETE
* Not defined http method TEST
* Non-existing protocol version HTTP/9.8
* GET request including attack patterns (e.g. ../ and %%)
http://www.computec.ch/projekte/httprecon/introduction/screenshot.png
Download:
**Hidden Content: Check the thread to see hidden data.**
There are nine test cases in which the behavior of the target service is mapped. These are:
* Legitimate GET request for an existing resource
* Very long GET request (>1024 bytes in URI)
* Common GET request for a non-existing resource
* common HEAD request for an existing resource
* Allowed method enumeration with OPTIONS
* Isually not permitted http method DELETE
* Not defined http method TEST
* Non-existing protocol version HTTP/9.8
* GET request including attack patterns (e.g. ../ and %%)
http://www.computec.ch/projekte/httprecon/introduction/screenshot.png
Download:
**Hidden Content: Check the thread to see hidden data.**