November 27, 2020

Fingerprinting WebServers


Identify the web server type and version.

Tactic 1: Use OSINT Sources

You can gather a lot of intelligence about the site and the server using Open Source Intelligence without making requests to the server itself (which creates log entries on the target system).

Tactic 2: BurpSuite

Tactic 3: CURL

You can try just using curl with no switches, but you might be blocked. You will get a response like:

If that happens, add a fake user-agent string to the request headers (use -H to set it). You really only want the server's response headers and not the actual HTML, so use the -I switch. The -L switch follows 301 redirects if needed. Your curl command should look something like this (<target-url> is a placeholder for the site being tested):

curl -I -L -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36" <target-url>

Fingerprint Defenses

  • Use a reverse proxy in front of the server
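
To check what your own site discloses, with or without a reverse proxy in front of it, the added example below (not code from the original post) reads the output of curl -I -L and reports, per redirect hop, which headers name the server software and whether they include a version. The function names, the www.example.test host and the sample header values are constructed for illustration.

```bash
#!/bin/sh
# Added example: report which response headers disclose server software.
# Input on stdin: output of `curl -sIL <url>`, one header block per redirect hop.

# Constructed sample: a 301 answered by a proxy, then the origin's 200.
sample_headers() {
  printf '%s\r\n' \
    'HTTP/1.1 301 Moved Permanently' \
    'Server: nginx' \
    'Location: https://www.example.test/' \
    '' \
    'HTTP/1.1 200 OK' \
    'Server: Apache/2.4.41 (Ubuntu)' \
    'X-Powered-By: PHP/7.4.3' \
    'Content-Type: text/html' \
    ''
}

# One line per disclosing header: hop, status, header, value, verdict (tab-separated).
# verdict is "version" when the value carries a dotted version number, else "product".
audit_headers() {
  awk '
    { sub(/\r$/, "") }                       # strip the CR of each CRLF line ending
    /^HTTP\// { hop++; status = $2; next }   # a status line starts a new hop
    {
      i = index($0, ":"); if (i == 0) next
      name = tolower(substr($0, 1, i - 1))
      value = substr($0, i + 1); sub(/^[ \t]+/, "", value)
      if (name != "server" && name != "x-powered-by" && name != "x-aspnet-version") next
      verdict = (value ~ /[0-9]+\.[0-9]+/) ? "version" : "product"
      printf "%d\t%s\t%s\t%s\t%s\n", hop, status, name, value, verdict
    }'
}

# Returns non-zero when any hop leaks a version string, so it can gate a deploy check.
check_disclosure() {
  audit_headers | awk -F'\t' '$5 == "version" { bad = 1 } END { exit bad + 0 }'
}

sample_headers | audit_headers
```

In the sample, hop 1 shows only the product name while hop 2 still exposes Apache and PHP versions, which is the case to fix in the server or proxy configuration.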