Fingerprint Web Application Framework
OWASP Web Security Testing Guide 4.2 > 1. Information Gathering > 1.8. Fingerprint Web Application Framework
ID | Link to Hackinglife | Link to OWASP | Objectives |
---|---|---|---|
1.8 | WSTG-INFO-08 | Fingerprint Web Application Framework | - Fingerprint the components being used by the web applications. - Find the type of web application framework/CMS from HTTP headers, Cookies, Source code, Specific files and folders, Error message. |
HTTP headers
- Note the response header
X-Powered-By
, orX-Generator
as well. - Identify framework specific cookies. For instance, the cookie
CAKEPHP
for php.
HTML source code
- Framework is often include in the
META
tag. - Revise header and footer sections carefully: general markers and specific markers.
- See typical file and folders structure. An example would be wp-includes folder for a wordpress installation, or a CHANGELOG file for a Drupal one.
- Check out file extensions, as sometimes they reveals the underlying framework.
- Revise error messages. They commonly reveals framework.
See WSTG-INFO-07 for a reference to HTTRack for mirrowing the code and EyeWitness. These utilities replicated the source code of the target domain.
Tools
1. HTTP headers:
X-Powered-By and cookies:
- .NET: ASPSESSIONID<RANDOM>=<COOKIE_VALUE>
- PHP: PHPSESSID=<COOKIE_VALUE>
- JAVA: JSESSION=<COOKIE_VALUE>
2. whatweb.
3. Wappalyzer: https://www.wappalyzer.com.
4. wafw00f:
wafw00f -v https://www.example.com
# -a: check all possible WAFs in place instead of stopping scanning at the first match.
# -i: read targets from an input file
# -p proxy the requests
5. Aquatone
6. Addons for browsers:
- BuiltWith: BuiltWith® covers 93,551+ internet technologies which include analytics, advertising, hosting, CMS and many more.
7. Curl:
curl -IL https://<TARGET>
# -I: --head (HTTP FTP FILE) Fetch the headers only!
# -L, --location: (HTTP) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code), this option will make curl redo the request on the new place. If used together with -i, --include or -I, --head, headers from all requested pages will be shown.
8. nmap:
Last update: 2024-02-04 Created: December 24, 2023 11:19:43