Ethical Hacking and Penetration Testing Guide
Yüklə 22,44 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Intercepting a Response
|
59
NeoTrace NeoTrace is a very fine GUI-based tool for mapping out a network. Cheops-ng Cheops-ng is another remarkable tool for tracing and fingerprinting a network. This image speaks a thousand words. 60 ◾ Ethical Hacking and Penetration Testing Guide Enumerating and Fingerprinting the Webservers For successful target enumeration, it’s necessary for us to figure out what webserver is running at the back end. In this section, we will look at both active and passive information gathering meth- ods. As a reminder, in active information gathering, we directly interact with the target; in passive information gathering, we do not interact with the target, but use the information available on the web in order to obtain details about the target. Intercepting a Response The first thing you should probably try is to send an http request to a webserver and intercept the response. http responses normally reveal the webserver version of many websites. For that purpose, you would need a web proxy such as Burp Suite, Paros, and webscrab. Let’s try to find out the name and version of the webserver running behind ptcl.com.pk by trap- ping a response with Burp Suite by following these steps: Step 1 —First, download the free version of Burp Suite from the following website: http:// portswigger.net/burp/ Step 2— Next, install the Burp Suite and launch it. Step 3— Next, open Firefox. Note : You can use any browser, but I would recommend Firefox. Go to Tools → Options → Advanced → Network → Settings. Step 4— Click on the “Manual Proxy configuration” and insert the information given in fol- lowing screenshot and click “Ok”. Information Gathering Techniques ◾ 61 Step 5— Next, open up Burp Suite again, navigate to the “proxy” tab and click on the “inter- cept” tab and click on “intercept is off” to turn it on. Step 6— Next, from your Firefox browser, go to www.ptcl.com.pk and send an http request by refreshing the page. Make sure the intercept is turned on. Step 7— Next, we would need to capture the http response in order to view the banner infor- mation. Intercepting the response is turned off by default, so we need to turn it on. For that purpose, select the http request and then right click on it, and under “do intercept”, click on “response to this request.” 62 ◾ Ethical Hacking and Penetration Testing Guide Step 8— Next, click on the “Forward” button to forward the http request to the server. In a few seconds, we will receive an http response, revealing the http server and its version. In this case, it is Microsoft’s IIS 7.5. Yüklə 22,44 Mb. Dostları ilə paylaş:
|