HTTPFuzz: Web Server Fingerprinting with HTTP Request Fuzzing
Animesh Kar, Andrei Natadze, Enrico Branca, Natalia Stakhanova
2022
Abstract
Web server fingerprinting allows security practitioners, penetration testers, and attackers to distinguish between servers based on the information these servers disclose. A common way to hide this information is to apply fingerprinting mitigation techniques. In this work, we present a new approach for fingerprinting web server software irrespective of the applied fingerprinting mitigation techniques. Our approach rests on a simple insight: web servers handle different types of HTTP requests differently. We use fuzzing for intelligent and adaptive selection of HTTP requests that are able to provoke servers to disclose their service-level information.
Paper Citation
in Harvard Style
Kar A., Natadze A., Branca E. and Stakhanova N. (2022). HTTPFuzz: Web Server Fingerprinting with HTTP Request Fuzzing. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 261-271. DOI: 10.5220/0011328900003283
in Bibtex Style
@conference{secrypt22,
author={Animesh Kar and Andrei Natadze and Enrico Branca and Natalia Stakhanova},
title={HTTPFuzz: Web Server Fingerprinting with HTTP Request Fuzzing},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2022},
pages={261-271},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011328900003283},
isbn={978-989-758-590-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - HTTPFuzz: Web Server Fingerprinting with HTTP Request Fuzzing
SN - 978-989-758-590-6
AU - Kar A.
AU - Natadze A.
AU - Branca E.
AU - Stakhanova N.
PY - 2022
SP - 261
EP - 271
DO - 10.5220/0011328900003283