One of the first tasks when conducting a web application penetration test is to try to identify the version of the web server and the web application. It allows us to discover all the well-known vulnerabilities that are affecting the web server and the application.This process is called web application fingerprinting and in this article we will see how to perform it.

The web application fingerprinting can be done with the use of a variety of tools or manually. This time, we will use a tool called httprecon, it is a tool for advanced web server fingerprinting. The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis.

Httprecon is a handy tool that performs a number of tests in an attempt to fingerprint a web server’s software. The following screenshot shows httprecon running against the “139.162.33.179” server and reporting various possible web servers with different degrees of confidence.

If you click the get long request and fingerprint details, you will get the details of the name and what protocol that the website use with its version.

Best regards,

KASUR TEAM
2001586205     Andriana Pratama Putra
2001622614     Veber Sormin