Sensitive information in the Response Header of Web Application Security

Sensitive information in the Response Header of Web Application Security

Text/Xuan Hun

Directory

Response Header. 1 for Web Application Security

Preface... 1

1.1 sensitive header. 2

1.2 delete sensitive header. 2

1.2.1 Delete the server field... 2

1.2.2 Delete the X-Powered-By field... 3

1.2.3 Delete the X-AspNet-Version field... 4

1.2.4 Delete X-AspNetMvc-Version. 5

Preface

In the Kali Linux (http://www.xuanhun521.com/Blog/Tag/kali%20linux) series, I mentioned that the most basic information collection skills for the target site are Banner grabbing.

By capturing the Web server's Banner (analyzing the response header), we can obtain information about the Web server, application framework, programming language, and so on.

Is the http Response Header of a website.

1.1 sensitive Headers

In the circled section, we focus on the following fields (not all of which are common for asp.net applications ):

Server: the version of the web Server. We usually see fields such as "Microsoft-IIS/7.5", "nginx/1.0.11", and "Apache.

X-Powered-By: web application framework information. Common examples are "ASP. NET", "PHP/5.2.17", and "UrlRewriter. NET 2.0.0 ".

X-AspNet-Version: asp.net Version. Only the asp.net site has such a header.

X-AspNetMvc-Version: this field is available in asp.net mvc framework.

Normally, this information is not directly dangerous. However, if a version of IIS on a certain day exposes a 0-day vulnerability, therefore, attackers can find a large number of IIS sites in a short time based on the response header. In addition, attackers can deduce and try existing vulnerabilities Based on the collected information, and the correct information will speed up the attacker's vulnerability discovery process.

1.2 delete sensitive Headers

Next, we will take my local asp.net mvcz site as an example to explain how to delete sensitive fields in the response header.

1.2.1 Delete server Fields

Here, you need to use the IIS extension tool Url Scan. For Url Scan installation and configuration instructions, see the previous blog URL Scan introduction.

Open the URL Scan configuration file (C: \ Windows \ System32 \ inetsrv \ urlscan \ UrlScan. ini), find "RemoveServerHeader", and set the value to 1. Before Configuration:

After Configuration:

1.2.2 Delete the X-Powered-By field

Open IIS manager, switch to site view, and open "HTTP Response Header ".

Delete the X-Powered-By field here.

1.2.3 Delete the X-AspNet-Version field

Open web. config under the site and make the following Configuration:

<System. web> Open the Global. asax file and add the following code to the Application_Start function:

MvcHandler. DisableMvcResponseHeader = true;

Final result:

Welcome to Xuan soul's blog

Ps: Readers interested in this article or security and security programming can add QQ group: Hacking: 303242737; Hacking-2 group: 147098303; Hacking-3 group: 31371755; group hacking-4: 201891680; group Hacking-5: 316885176