[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Web server http protocol version support

Dear list,

I am currently working on the upcoming release 3.0 of my Attack Tool Kit (ATK), an open vulnerability scanner and exploiting framework for Windows.[1]

In this case I try to increase the accuracy of the pattern matching based plugins to detect successfull web server vulnerability detection or exploitation. I am using regulary expressions to do this (See [2] for some examples).

When I was updating the (web server) plugins yesterday, a question came up: What kind of http protocols do popular web servers as like Apache or MS IIS support in responses? Is it always HTTP/1.1 no matter what http protocol version specification is given in the request[3]? What http protocol versions are planned? A new major release or just minor changes? What is the best expression to fetch successfull http requests now and in the future too[4]? Is the user able to deny the support for a specific protocol version and respond as 0.9 only for example?

Regards,

Marc

[1] http://www.computec.ch/projekte/atk/
[2] http://www.computec.ch/projekte/atk/plugins/pluginslist/pluginslist.html
[3] I took a look at the source code of the latest Apache release and saw that in some cases other http protocol versions are re-written/used. Usually the regulary 0.9, 1.0 and 1.1
[4] For example "HTTP/#.# *" when using the "like" regulary expressions of Visual Basic 6. It may be possible to be more accurate, isn't it? The Nessus plugins are often using very fuzzy pattern matching in this case.

--
Computer, Technik und Security                  http://www.computec.ch/
Meine private Webseite                    http://www.computec.ch/mruef/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html