一种有效的Web指纹识别方法

doi:10.7523/j.issn.2095-6134.2016.05.016

中国科学院大学学报 ›› 2016, Vol. 33 ›› Issue (5): 679-685.DOI: 10.7523/j.issn.2095-6134.2016.05.016

一种有效的Web指纹识别方法

闫淑筠^1,3, 王文杰^1,2, 张玉清^1,2,3

1 中国科学院大学计算机与控制学院, 北京 101408;
2 中国科学院信息工程研究所信息安全国家重点实验室, 北京 100093;
3 中国科学院大学国家计算机网络入侵防范中心, 北京 101408

收稿日期:2016-02-19 修回日期:2016-04-01 发布日期:2016-09-15
通讯作者: 闫淑筠
基金资助:
国家自然科学基金（61572460，61272481）、信息安全国家重点实验室开放课题基金（2015-MS-06）和360项目资助

An efficient method of web fingerprint identification

YAN Shujun^1,3, WANG Wenjie^1,2, ZHANG Yuqing^1,2,3

1 School of Computer and Control Engineering, University of Chinese Academy of Sciences, Beijing 101408, China;
2 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
3 National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China

Received:2016-02-19 Revised:2016-04-01 Published:2016-09-15

摘要/Abstract

摘要：

准确获取Web服务器及其承载的应用的类型及版本对Web站点的安全测试有重要意义.针对Web服务器Banner易被修改，提出使用黑盒测试方法对主流Web服务器进行分析，进而选取可有效防止Banner欺骗的Web服务器指纹；针对Web应用关键字易被删除，提出使用源码审计方法对主流开源Web应用进行分析，进而选取与其功能相关的Web应用指纹，并构建Web指纹库.在此基础上，设计并实现Web指纹识别工具——WebEye.实验结果表明，与主流工具相比，WebEye能更快速准确地识别Web服务器及应用，并具有良好的可扩展性.

关键词: Web服务器, Web应用, Web指纹识别, Web指纹库

Abstract:

It is very important to accurately acquire information of the web server and deployed application for website security testing. Since the web server's Banner was apt to be modified, we used the black-box testing method to analyze major web servers, and then selected web server's fingerprint which could prevent Banner cheating. Since the web application's keywords were apt to be deleted, we used the source code audit method to analyze major web applications, and then selected web application's fingerprint, which was associated with its function, and built a web fingerprint database. Furthermore, a web fingerprint identifying tool WebEye was designed and implemented. Experimental results show that WebEye faster and more accurately identifies the web server and application than similar tools, and it has good scalablity.

Key words: web server, web application, web fingerprint identification, web fingerprint database

中图分类号:

TP393

闫淑筠, 王文杰, 张玉清. 一种有效的Web指纹识别方法[J]. 中国科学院大学学报, 2016, 33(5): 679-685.

YAN Shujun, WANG Wenjie, ZHANG Yuqing. An efficient method of web fingerprint identification[J]. , 2016, 33(5): 679-685.

参考文献

[1] ZoomEye. ZoomEye网络空间搜索引擎[EB/OL].[2016-01-20]. https://www.zoomeye.org/.
[2] Watson D. The evolution of web application attacks[J]. Network Security, 2007(11):7-12.
[3] Goethem T V, Chen P, Nikiforakis N, et al. Large-scale security analysis of the web:challenges and findings[J]. Lecture Notes in Computer Science, 2014, 8564:110-126.
[4] Dukes L S, Yuan X, Akowuah F. A case study on web application security testing with tools and manual testing[C]//Southeastcon, 2013 Proceedings of IEEE. IEEE, 2013:1-6.
[5] Lee D, Rowe J, Ko C, et al. Detecting and defending against Web-server fingerprinting[C]//Proceedings of Computer Security Applications Conference, 2002. 18th Annual. IEEE, 2002:321-330.
[6] Karthik R, Kamath S. W3-Scrape-A windows based reconnaissance tool for web application fingerprinting[R]. arXiv:1306.6839.
[7] Fielding R, Gettys J, Mogul J, et al. Hypertext transfer protocol-HTTP/1.1[EB/OL]. (1999)[2016-01-20]. http://www.rfc-base.org/txt/rfc-2616.txt.
[8] Yang K, Hu L, Zhang N, et al. Improving the Defence against Web Server Fingerprinting by Eliminating Compliance Variation[C]//Proceedings of the 2010 Fifth International Conference on Frontier of Computer Science and Technology. IEEE Computer Society, 2010:227-232.
[9] Huang Z, Xia C, Sun B, et al. Analyzing and summarizing the web server detection technology based on HTTP[C]//Software Engineering and Service Science (ICSESS), 20156th IEEE International Conference on. IEEE, 2015:1042-1045.
[10] Book T, Witick M, Wallach D S. Automated generation of web server fingerprints[R]. arXiv:1305.0245.
[11] Muller A, Meucci M, Keary E, et al. OWASP testing guide 4.0[EB/OL].(2014)[2016-01-20]. https://www.owasp.org/images/1/19/OTGv4.pdf.
[12] Thomas P. BlindElephant:Web application fingerprinter & vulnerability inferencing[EB/OL]. (2010-07-28)[2016-01-20]. https://media.blackhat.com/bh-us-10/presentations/Thomas/BlackHat-USA-2010-Thomas-BlindElephant-WebApp-Fingerprinting-slides.pdf.
[13] Kozina M, Golub M, Groš S. A method for identifying Web applications[J]. International Journal of Information Security, 2009, 8(6):455-467.
[14] netcraft. Web server survey[EB/OL]. (2015-08-30)[2016-01-20]. http://news.netcraft.com/archives/2015/08/13/august-2015-Web-server-survey.html.
[15] 开源中国社区. 建站系统开源软件[EB/OL].[2016-01-20]. http://www.oschina.net/project/tag/256/web-system.
[16] Net-square. Httprint signatures file[EB/OL].[2016-01-20]. http://www.net-square.com/signature.txt.

一种有效的Web指纹识别方法

An efficient method of web fingerprint identification

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

本文评价

访问统计

联系我们