IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [fingerprinting]

Gaining information about current version of an application or operating system in order to find a vulnerability.

Fingerprinting is a term that describes the process of identifying a system based upon the services it runs and the behaviour it exhibits.

141 questions
0
votes
1 answer

Fingerprinting Cisco ASA Device

I have used Nessus to determine that a client's Cisco ASA is vulnerable to a Read-Only Path Traversal Vulnerability. So far I have tried viewing the logon portal page source code, nmap -sV -A , the nmap script http-cisco-anyconnect and ssh…
jh2014
  • 3
  • 1
0
votes
0 answers

How do I assure that a site that I visit does not know I have been there before?

If I use the same machine (my PC) but with a different IP address and a different browser that I have never used to visit a site, will that site still be able to identify me? I don't understand the browser fingerprinting thing that well. To clarify,…
Sam Branner
  • 1
0
votes
0 answers

Why does my IP being leaked with system-wide proxy through webTRC, but it doesn't happen when I use system-wide VPN

WebRTC manages to leak my IP when I use proxy, but when I use VPN it only shows VPN server's IP (both proxy and VPN were system-wide). What's the key difference? Google Chrome was used in both tests (webRTC leak test). https://browserleask.com —…
infinitieunique
  • 17
  • 3
0
votes
0 answers

How to prevent browser fingerprinting accoss VM's whilst remaining natural?

I am using a couple VM's fitted with proxies and find that browser fingerprinting across VM's causes me many issues. I also have issue with the browser created inside VM leaking that I am using VM. May seem like a n00b question, but is anyone able…
reputable2020vision
  • 11
  • 1
0
votes
0 answers

How can you fingerprint a Django web app?

In order to better protect my Django web app, I want to reduce the leakage of information that could help an attacker profile my application. If you were an attacker, what would you look at to identify a Django web app? From OWASP, I know that this…
Kyle Fennell
  • 921
  • 4
  • 12
0
votes
1 answer

Tor Browser: Could a website or ISP detect modification to DOM done by users if Javascript is disabled?

I have Tor Browser (which is basically Firefox ESR) on "Safest" setting (Javascript disabled). We're generally scolded about using extensions in it, as they can alter web traffic patterns to or from your browser, adding another fingerprinting vector…
stranger
  • 101
  • 2
0
votes
2 answers

Can I bypass basic auth to fingerprint a web server with Httprint or netcat?

There is a web server I'd like to recon using httprint. But that web server has a basic auth protection on 443. Port 80 is not responding. When I launch httprint, it says Unspecified Error The same thing happens with netcat. It fails because of…
tommy
  • 3
  • 2
0
votes
1 answer

Possible to detect tools like HTran from network analysis?

There is a publicly available tool called HTran which is widely used by criminal groups in cyberattacks to exfiltrate data. It simply relays traffic from one host to another, much like a proxy. It is typically used to relay information from an…
john doe
  • 648
  • 4
  • 15
0
votes
0 answers

How to fingerprint Windows 10 reliably?

Recently, I have been practicing penetration testing and I have come to a standstill when trying to fingerprint the OS for a Windows 10 target with nmap. For the most part, I'm not able to identify the machine as Windows 10. The best guess nmap…
rodney williams
  • 1
0
votes
1 answer

Fingerprinting Windows Architecture from a file on remote system

This is a post following up with this one. Similar situation as the above post - I'd like to know if there's a way to find out the architecture (x86 or x64) of a windows system from a file on a remote system. This is assuming I can only read files…
Izy-
  • 853
  • 1
  • 8
  • 17
0
votes
1 answer

How os fingerprinting works and how to prevent it in browser?

For privacy I always changed my useragent of browser regularly and it used to work. But lately changing useragent alone in browser dosen't prevent os fingerprinting. Tools like https://browserleaks.com can correctly guess my os eventhough I have…
Eka
  • 559
  • 1
  • 5
  • 15
0
votes
1 answer

What is ScriptSafe's "Client Rectangles" and what information does it leak?

Just wondering how this one affects the privacy and security because it breaks a lot of sites displaying images for example.
Jack
  • 421
  • 2
  • 4
  • 10
0
votes
1 answer

Re-run nmap OS fingerprint match with existing subject fingerprint

I have a collection of nmap subject fingerprints (described here), but have updated my local (private) reference fingerprint database since they were collected. Is there any existing way to re-match these subject fingerprints against the updated…
njv299
  • 3
  • 1
0
votes
1 answer

WAFDetect Extension of Burpsuite

I am creating a list of tools for waf fingerprinting. I have installed waf-detect plugin from bapp store in burpsuite. This plugin runs in the background and create passive scanner issues when WAF traces are detected. How I can see the result of…
Danish
  • 73
  • 1
  • 3
0
votes
1 answer

Process of finding device hostnames on LAN

Is there a reliable way to retrieve hostnames from LAN devices without having to install extra software or performing nmap-style OS fingerprinting? I'm ideally looking for either a protocol that has something like this built in or a program that…
Crizly
  • 2,597
  • 4
  • 18
  • 29
1 2 3
9
10