[A] Use NC to view the HTTP headers returned by the Web server
Syntax for NC www.jb51.net 80
[II] Based on the elements in the URL
Name extension
The technology used
Server platform
. pl
perlcgi Script
A variety of platforms, typically Unix
. asp
Active Server Page
Microsoft IIS
. aspx
ASP +
Microsoft. NET
. php
PHP script
A variety of platforms, typically Apache
. CFM
ColdFusion
General interface with Microsoft server
Nsf
Lotusdomino
However, Web servers are flexible in configuration, and gateways can deliberately confuse file types to hide information about all technical aspects. Identifying the server is also an art, such as the Service page (JSP) used by the Java server as a file class
Type does not give any clues, so it is not possible to know the front-end Web server used and the Java application used to execute the JSP file. Here are some examples of URLs to help you in the vertical and horizontal network:
(1) Www.xxx.com/homepage.nsf?Open
This is the Lotus Domino server used, with the NC a look at the header returned information can be known, the NSF file also let us at a glance.
(2) Www.xxx.com/software/buy.jhtml;jsessionid=ZQWEURBF69UD6DOG8
With the NC view header, it is found that the display server is returned as microsoft-iis/4.0, but microsoft-iis/4.0 is not supported. Jhtml, which is actually a Java HTML page. So this is an application and a microsoft-
iis/4.0 to work together. String Jsessionid=zqweurbf69ud6dog8 is the evidence-type feature of the ATG Dynamo application Server, which provides Java HTML files and executes the Java Servlet.
(3) Www.xxx.com/cgi-bin/ncommerce3/ExecMacro/webstore/home.d2w/repeat
This is the typical URL used by IBM Net.data E-commerce platform. String ncommerce3 and Execmacro are key strings that reveal the type of technology. HOME.D2W is an application macro written in the IBM Net.data scripting language
, repeat is one of many ways that application macros provide.
(4) www.xxx.com/site/index/0,10017,25487,00.html
This URL is not very common, does not look like a static HTML page, if we browse this site, the specific number will be constantly changing and the overall URL structure remains unchanged. It is a typical URL for the Vignett Story server, which is a
A popular content server, often used with Netscape Enterprise and microsoft-iis/4.0.
(5) Www.xxx.com/report.cgi?page=3
This is a very clear beginning to be able to guess the running of the Apache server, the application written in Perl. Provides scripting technical support with CGI.
(6) www.xxx.com/webapp/wcs/stores/servlet/display?storeid=10001&langid=-1&catalogid=10001& catagoryid=10052&cleatance=0&cattree=10053
We do not see, submit an incomplete url--www.xxx.com/webapp/wcs/stores/try, sure enough, the page appears mandatory error, the original is IBM WebSphere Server Ah!
[Three] use cookies to view
The two methods described earlier can only serve as a standard, but the information they return is not necessarily the most authentic. The server can map the name of the Server page extension. asp to. CGI by modifying its own server type string.
So as to hide themselves from the hacker to see key technology, there is an opportunity. But the information you see through cookies is absolutely true, and I've listed some common cookie types and their corresponding server types below, and you can
To view.
Server cookie Format
Apache Apache = 220.86.136.115.308631204331944536139
IIS aspsessionidggqggcvc=kelhfofdihoiebuoyinpegkm
ATG Dynamo jsessionid = h4tqqoliento2belinpulcdefin3aayugoel304
Ibmnet.data
Session_id=307823,wfbdlintkmladthcaaln+ikneilwejemyruu/viabfoxplugme8e+licenslogolienmikeyxltea
ColdFusion cfid=,587643 cftoken=25631988