
[Full-Disclosure] Web server http protocol version support

Subject: [Full-Disclosure] Web server http protocol version support
Date: Mon, 08 Nov 2004 10:29:15 +0100
Dear list,

I am currently working on the upcoming release 3.0 of my Attack Tool Kit (ATK), an open vulnerability scanner and exploiting framework for Windows.[1]

In this case I try to increase the accuracy of the pattern matching based plugins to detect successful web server vulnerability detection or exploitation. I am using regular expressions to do this (see [2] for some examples).

When I was updating the (web server) plugins yesterday, a question came up: What kind of http protocols do popular web servers such as Apache or MS IIS support in responses? Is it always HTTP/1.1 no matter what http protocol version specification is given in the request[3]? What http protocol versions are planned? A new major release or just minor changes? What is the best expression to fetch successful http requests now and in the future too[4]? Is the user able to deny the support for a specific protocol version and respond as 0.9 only for example?

Regards,

Marc

[1] http://www.computec.ch/projekte/atk/
[2] http://www.computec.ch/projekte/atk/plugins/pluginslist/pluginslist.html
[3] I took a look at the source code of the latest Apache release and saw that in some cases other http protocol versions are re-written/used. Usually the regular 0.9, 1.0 and 1.1
[4] For example "HTTP/#.# *" when using the "like" regular expressions of Visual Basic 6. It may be possible to be more accurate, isn't it? The Nessus plugins are often using very fuzzy pattern matching in this case.


--
Computers, Technology and Security              http://www.computec.ch/
My private website                        http://www.computec.ch/mruef/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
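
The status-line matching asked about in the message above, as an added example that is not part of the original post and is not ATK code: an anchored parser that accepts any `HTTP/<digit>.<digit>` version, extracts the status code, and treats a response with no status line (HTTP/0.9 style) as a separate case. The function names and the sample responses are constructed for illustration.

```python
import re

# Status-line = "HTTP/" DIGIT "." DIGIT SP 3DIGIT SP reason-phrase CRLF
# (RFC 7230, section 3.1.2). Matching the version as DIGIT "." DIGIT covers
# 1.0, 1.1 and any later revision that keeps this textual format. HTTP/2 is
# binary framed on the wire and has no status line to match.
# Leniency (assumption): a bare LF and a missing reason-phrase are tolerated.
STATUS_LINE = re.compile(rb"\AHTTP/(\d)\.(\d) (\d{3})(?: ([^\r\n]*))?\r?\n")


def parse_status_line(raw: bytes):
    """Return (version, status_code, reason), or None if no status line leads.

    None covers HTTP/0.9 style replies (bare body, no status line or headers)
    and data that is not an HTTP response at all.
    """
    m = STATUS_LINE.match(raw)
    if m is None:
        return None
    major, minor, code, reason = m.groups()
    version = f"{major.decode()}.{minor.decode()}"
    return version, int(code), (reason or b"").decode("latin-1")


def request_succeeded(raw: bytes) -> bool:
    """True only for a well-formed status line carrying a 2xx code."""
    parsed = parse_status_line(raw)
    return parsed is not None and 200 <= parsed[1] <= 299


# Constructed sample responses, not captured from any real server.
SAMPLES = {
    "ok_1_1": b"HTTP/1.1 200 OK\r\nServer: example\r\n\r\nbody",
    "missing_1_0": b"HTTP/1.0 404 Not Found\r\n\r\n",
    "error_1_1": b"HTTP/1.1 500 Internal Server Error\r\n\r\n",
    # 0.9 style reply: body only. An unanchored pattern would match the text.
    "bare_body": b"<html>HTTP/1.1 200 OK</html>\n",
    "bad_code": b"HTTP/1.1 2000 OK\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, parse_status_line(raw), request_succeeded(raw))
```

A pattern that matches only `HTTP/#.# *` accepts the 404 and 500 samples as well, so the status code has to be checked separately to tell a successful request from a refused one.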

  • [Full-Disclosure] Web server http protocol version support, Marc Ruef <=