Fingerprinting is an age old concept and one that adds great value to assessment methodologies. There are several tools available for fingerprinting operating systems (nmap), Web servers (httprint), devices, etc. Each one of these tools uses a different method – inspecting the TCP stack, ICMP responses, HTTP responses. With this evolution of Web 2.0 applications that use Ajax extensively, it is important to fingerprint Ajax tools, framework or library used by a particular web site or a page. This paper describes the method of doing Ajax fingerprinting with a simple prototype serving as an example.
Ajax fingerprinting can help in deriving the following benefits:
- Vulnerability detection – Knowledge of the framework on which a web application is running, allows the mapping of publicly known vulnerabilities found for that particular framework. Example – DWR client side vulnerability.
Download the paper in PDF format here.