Footprinting
Overview
Website footprinting involves gathering information about the software and
hardware components, versions and configurations used on a website.
Footprinting is not an attack in its own right. However, it is a first step in
many attacks against websites. By being aware of it and preventing it, you can
make certain attacks against your website more difficult or prevent them entirely. Estimates suggest at least
1 out of 2 sites leak information.
What makes a site vulnerable?
A site is vulnerable to footprinting when it gives away information
about the platform on which it runs, or about its source code. This may be
obvious, such as a blog which declares it is using WordPress. It may also be
subtle, such as the order of headers in the HTTP response giving away the web
server which produced it. A site may give up information in error messages
triggered by bad input. Commonly overlooked vectors for bad input include the
server variables and the session ID.
Impact of website footprinting
By footprinting a website, an attacker will be able to gain
information which may assist in future attacks against the site. By determining
which software you are using, and which specific version you are running, the
attacker may be able to determine that your site is vulnerable to any known
exploits for that software and version. If you employ open-source software, in
particular, the attacker may be able to determine and obtain the exact same
source code as that which generates your site. The attacker will be able to
study this knowing that any vulnerability he finds will also exist in your
site. Even if you don’t use open source code, your code may still be leaked, as
happened to Facebook in
August 2007.
Preventing footprinting of your website
Footprinting can be addressed in several ways. By identifying and minimising
sources of information about the workings of your site, you will reduce the amount
of information available to the attacker. It is also possible to manipulate the
information your website gives out (for instance, you could configure your web
server to provide the same information normally given out by some other web
server software). Any attacks the attacker tries out based on this information
are unlikely to work if they apply only to the web server whose footprint you
are copying. If open-source tools are used, it is desirable to hide this fact.
Where this is not possible (e.g. because of the distinctiveness of the
functionality provided), you should use the latest version to minimise the risk
that vulnerabilities exist. The same applies to all other code which runs on
your website; by running the latest version you minimise the risk that footprinting
will lead to the identification of a valid exploit against that code.
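
One way to identify such sources of information on your own site, as an added example (not part of the original page): the script below audits a saved HTTP response for headers and a generator meta tag that name the platform, and marks each as disclosing a product name only or a version as well. The sample response, the product names ExampleHTTPd and ExampleLang, the version numbers and the header list are constructed for illustration.

```python
import re
from email.parser import Parser

# Constructed sample response from a hypothetical site (not captured from a real host).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/1.2.3\r\n"
    "X-Powered-By: ExampleLang/4.5.6\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 1.2.3"></head>'
    "<body>Hello</body></html>"
)

# Headers that commonly name the platform (assumed, non-exhaustive list).
PLATFORM_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
# Matches <meta name="generator" content="..."> with name before content.
GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']+)["\']', re.I)


def classify(value):
    """'version' if the value carries a dotted version number, else 'product'."""
    return "version" if VERSION_RE.search(value) else "product"


def audit_response(raw):
    """Return (source, value, severity) findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    _status_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for name in PLATFORM_HEADERS:
        # get_all() is case-insensitive and returns every occurrence.
        for value in headers.get_all(name, []):
            findings.append((name, value, classify(value)))
    for content in GENERATOR_RE.findall(body):
        findings.append(("meta generator", content, classify(content)))
    return findings


if __name__ == "__main__":
    for source, value, severity in audit_response(SAMPLE_RESPONSE):
        print(f"{severity:8} {source}: {value}")
```

Run it against responses saved from your own site, including error pages, before and after changing the server configuration to confirm the findings disappear.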