Thursday, May 28, 2009

Web Fingerprinting

Fingerprinting web sites via the Server tag has been done for years (and years and years). Then came fingerprinting it based on the order of responses (httprint). Now something new (or at least new to me) has shown up, fingerprinting it based on certain files on the site.

Article can be found here

In a nutshell:
"What these fingerprints are, depend on the web application, but generally we can use .js (javascript) , .css and a few other files that are available and we can access the source remotely. We can't do the same with .php, because it will not return the source (only the executed output)."

In their example they fingerprint wordpress sites. Interesting new approach.