Friday, February 22, 2013

[BlindElephant] Web Application Fingerprinting


 During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant.

BlindElephant %E2%80%93 Web Application Fingerprinting

The BlindElephant Web Application Finger-printer attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatically.

BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files then running a check sum to compare sizes of those files from released versions.

BlindElephant is available via SVN here
svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant

No comments:

Post a Comment