Posted by: jasonk2600 | January 1, 2010

Web Application Fingerprinting

Synopsis

This how-to explains how to fingerprint web applications using the WAFP tool on a system running Debian GNU/Linux.  WAFP also runs on any other system that has Ruby with the SQLite3 and OpenSSL bindings available.

Installation

Download the WAFP (Web Application Finger Printing) tool from http://mytty.org/wafp/.

Install the required dependencies for the WAFP tool using the aptitude software package management utility.

# aptitude install ruby libsqlite3-ruby libopenssl-ruby


Finally, extract the WAFP archive.

# tar -xvzf wafp-0.01-26c3.tar.gz
# cd wafp-0.01-26c3


Usage

Using the WAFP tool is very straightforward.  Simply run the tool with the URL of the web application that you want to fingerprint.  WAFP fetches the files it knows about for each product and compares them against its fingerprint database; each result line shows how many of a version's files matched out of the number of files that fingerprint contains, and the percentage is that ratio (430 / 571 = 75.31%).  Versions that share identical files tie, as serendipity-1.3 and 1.3.1 do below, so a tie means WAFP cannot tell those releases apart from the fetched files alone.

# ./wafp.rb http://blog.somedomain.com/
Collecting and fetching the files we need to identify the product ...
...........
found the following matches (limited to 10):
+----------------------------------------+
 serendipity-1.3      430 / 571  (75.31%)
 serendipity-1.3.1    430 / 571  (75.31%)
 serendipity-1.2      407 / 554  (73.47%)
 serendipity-1.2.1    408 / 556  (73.38%)
 serendipity-1.0.2    326 / 448  (72.77%)
 serendipity-1.0      326 / 448  (72.77%)
 serendipity-1.0.4a   326 / 448  (72.77%)
 serendipity-1.0.1    326 / 448  (72.77%)
 serendipity-1.0.3a   326 / 449  (72.61%)
 serendipity-1.1.3    349 / 482  (72.41%)
+----------------------------------------+
 WAFP 0.01-26c3  - - - - - - - - -  http://mytty.org/wafp/


Fingerprinting a web application can be greatly sped up if you have some idea of what the application may be, because WAFP then has far fewer files to request (571 requests per run in the example above, which is also easy to spot in the target's access log).  WAFP can be instructed to compare the URL only against specific web application fingerprints by using the -p command line option.

# ./wafp.rb -p wordpress http://blog.somedomain.com/


The preceding is the basic usage of WAFP; for more information on the other options see the included README and HOWTO files.
