Published: 30/04/2020

Fingerprinting

Fingerprinting is an information-gathering technique that enables threat actors to profile an application before attacking it. The relevant data is taken from the names and values of the HTTP headers an application sends, which together differentiate it from other applications and build its profile.

This assesses the foundation of a site to determine characteristics such as what server and software are running. Automated bots are often programmed to acquire this information and will also seek:

  • URL path case sensitivity
  • URL path patterns
  • Directories
  • Error messages

It’s worth noting that while fingerprinting assesses an application’s important components, it is a less detailed analysis of an application’s working parts than footprinting.

How does fingerprinting work?

Fingerprinting works by analysing the HTTP header values an application sends to a client. For example, an HTTP request to a web server that uses JavaScript causes the browser to fetch information from the site's server.

A response to this query is sent back to the client, and it includes information such as:

  • Request method
  • Server Software
  • Server Language
  • Character Encoding scheme
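To make the header-based analysis above concrete, here is an added example (not Netacea's code) that parses a raw HTTP response head and reports the server software, language and character encoding it discloses, plus which headers carry a version number a site owner would want to remove. Both sample responses are constructed, not captured from any real host.

```python
import re
from typing import Dict, Optional, Tuple

# Response headers whose values reveal the stack behind a site. Header names
# are matched case-insensitively, as HTTP requires.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

def parse_response_head(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP response (up to the blank line) into its status line
    and a lower-cased {name: value} map; duplicate names keep the last value."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def fingerprint(raw: str) -> Dict[str, Optional[str]]:
    """Return the details the article lists that a response head gives away:
    server software, language/framework and character encoding (None if absent)."""
    _, headers = parse_response_head(raw)
    charset = re.search(r"charset=([\w-]+)", headers.get("content-type", ""), re.I)
    return {
        "software": headers.get("server"),
        "language": headers.get("x-powered-by"),
        "charset": charset.group(1) if charset else None,
    }

def version_leaks(raw: str) -> Dict[str, str]:
    """Disclosing headers that carry a version number (e.g. nginx/1.18.0):
    these are the values a site owner would strip or replace with a generic one."""
    _, headers = parse_response_head(raw)
    return {n: v for n, v in headers.items()
            if n in DISCLOSING_HEADERS and re.search(r"\d+\.\d+", v)}

# Constructed sample responses (hypothetical versions), not captured from any real host.
VERBOSE = ("HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nX-Powered-By: PHP/7.4.3\r\n"
           "Content-Type: text/html; charset=UTF-8\r\n\r\n<html></html>")
HARDENED = ("HTTP/1.1 200 OK\r\nServer: webserver\r\n"
            "Content-Type: text/html; charset=UTF-8\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, resp in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, fingerprint(resp), "version leaks:", version_leaks(resp))
```

Running the same check against your own site's responses shows exactly which of the listed details a bot could collect, and the hardened sample shows what remains once version strings are removed.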


Active fingerprinting vs passive fingerprinting

There are two ways a threat actor can acquire and enact a fingerprint against an application: active or passive.

Active fingerprinting

Active fingerprinting involves using real client-side applications to gather user agent strings, browser header values and so on, in order to perform a detailed analysis of each browser and its version.

Passive fingerprinting

Passive fingerprinting analyses data a server already holds, rather than actively probing. It is considerably faster than active fingerprinting, but its resolution is lower and its accuracy is reduced as well.
