lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <418F3C6B.2070404@computec.ch> From: marc.ruef at computec.ch (Marc Ruef) Subject: Web server http protocol version support Dear list, I am currently working on the upcoming release 3.0 of my Attack Tool Kit (ATK), an open vulnerability scanner and exploiting framework for Windows.[1] In this case I try to increase the accuracy of the pattern matching based plugins to detect successfull web server vulnerability detection or exploitation. I am using regulary expressions to do this (See [2] for some examples). When I was updating the (web server) plugins yesterday, a question came up: What kind of http protocols do popular web servers as like Apache or MS IIS support in responses? Is it always HTTP/1.1 no matter what http protocol version specification is given in the request[3]? What http protocol versions are planned? A new major release or just minor changes? What is the best expression to fetch successfull http requests now and in the future too[4]? Is the user able to deny the support for a specific protocol version and respond as 0.9 only for example? Regards, Marc [1] http://www.computec.ch/projekte/atk/ [2] http://www.computec.ch/projekte/atk/plugins/pluginslist/pluginslist.html [3] I took a look at the source code of the latest Apache release and saw that in some cases other http protocol versions are re-written/used. Usually the regulary 0.9, 1.0 and 1.1 [4] For example "HTTP/#.# *" when using the "like" regulary expressions of Visual Basic 6. It may be possible to be more accurate, isn't it? The Nessus plugins are often using very fuzzy pattern matching in this case. -- Computer, Technik und Security http://www.computec.ch/ Meine private Webseite http://www.computec.ch/mruef/
Powered by blists - more mailing lists