In this section, we will grab the HTTP banner of a website. Banner grabbing is a method of identifying the server software (and, from there, often the operating system) running on a target web server by reading the headers it sends back; it is a cheap first step before OS fingerprinting proper. In the following program, we will sniff the packets of a website on our computer, as we did in Chapter 3, Sniffing and Penetration Testing.
The code for the banner grabber is shown as follows:
import socket

# Raw packet socket (Linux only, needs root). socket.ntohs(0x0800) restricts
# the capture to IPv4 frames.
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800))

while True:
    pkt = s.recvfrom(2048)
    # Bytes 0-53 are the Ethernet (14), IP (20) and TCP (20) headers when no
    # options are present; the HTTP response starts right after them.
    banner = pkt[0][54:533]
    print(banner)
    print("--" * 40)
Since you must have read Chapter 3, Sniffing and Penetration Testing, you should be familiar with this code. The banner = pkt[0][54:533] statement is new here. The first 54 bytes of pkt[0] are the Ethernet, IP, and TCP headers (14 + 20 + 20 bytes), so pkt[0][54:] is where the TCP payload, and therefore the HTTP response, begins. The upper bound is just a window on the response text: after some trial and error, I found that [54:533] is enough to capture the interesting headers. You can do the same trial and error with slices such as [54:540], [54:545], [54:530], and so on.
One caveat: the 54-byte offset only holds when the IP and TCP headers carry no options. Modern TCP stacks almost always send options (timestamps, SACK, window scaling), which makes the TCP header 32 bytes long and moves the payload to offset 66, so a fixed slice will swallow part of the header or cut off the start of the banner. The robust approach is to read the IP header length (IHL) and TCP data offset fields and compute the payload offset from them.
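As an added example, not part of the original chapter, here is a version of the banner grabber that computes the payload offset from the IP and TCP header fields instead of hard-coding 54, and then pulls the status line and the Server, X-Powered-By and X-AspNet-Version headers out of the HTTP response. The frame fed to it is constructed inline (addresses, ports and header values are made up for the demonstration) and carries TCP options, so the payload starts at byte 66, exactly the case a fixed slice gets wrong. The sniff() loop at the bottom is the same raw-socket loop as on the page and only runs when the script is started directly on a Linux host as root.

```python
import socket
import struct

HTTP_HEADERS_OF_INTEREST = ("server", "x-powered-by", "x-aspnet-version")


def build_sample_frame():
    """Constructed Ethernet/IPv4/TCP frame carrying the start of an HTTP response.
    The TCP header includes 12 bytes of options, so the payload begins at offset 66."""
    http = (b"HTTP/1.1 200 OK\r\n"
            b"Server: Microsoft-IIS/6.0\r\n"
            b"X-Powered-By: ASP.NET\r\n"
            b"X-AspNet-Version: 2.0.50727\r\n"
            b"Content-Type: text/html\r\n\r\n<html>...")
    # NOP, NOP, timestamp option (kind 8, length 10, two 32-bit values)
    tcp_opts = b"\x01\x01\x08\x0a" + struct.pack("!II", 1, 2)
    # src port 80, dst port 51234, seq, ack, data offset 8 (8*4 = 32 bytes), PSH|ACK
    tcp = struct.pack("!HHIIBBHHH", 80, 51234, 1000, 2000, 8 << 4, 0x18, 65535, 0, 0) + tcp_opts
    total_len = 20 + len(tcp) + len(http)
    # version 4 / IHL 5, tos, total length, id, flags/frag, ttl, proto 6 (TCP), checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", 0x0800)
    return eth + ip + tcp + http


def tcp_payload(frame):
    """Return (payload_offset, payload) for an Ethernet/IPv4/TCP frame, or None otherwise."""
    if len(frame) < 34:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:          # not IPv4
        return None
    ip_start = 14
    ihl = (frame[ip_start] & 0x0F) * 4              # IP header length in bytes
    total_len = struct.unpack("!H", frame[ip_start + 2:ip_start + 4])[0]
    proto = frame[ip_start + 9]
    if proto != 6 or ihl < 20:       # not TCP, or malformed header
        return None
    tcp_start = ip_start + ihl
    if len(frame) < tcp_start + 20:
        return None
    data_offset = (frame[tcp_start + 12] >> 4) * 4  # TCP header length in bytes
    payload_start = tcp_start + data_offset
    payload_end = ip_start + total_len              # drops any Ethernet trailer/padding
    return payload_start, frame[payload_start:payload_end]


def extract_banner(payload):
    """Parse the status line and fingerprinting headers out of an HTTP response payload."""
    if not payload.startswith(b"HTTP/"):
        return None
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    info = {"status": lines[0]}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        if key in HTTP_HEADERS_OF_INTEREST:
            info[key] = value.strip()
    return info


def grab_banner(frame):
    """Combine the two steps: locate the TCP payload, then read the HTTP banner from it."""
    located = tcp_payload(frame)
    if located is None:
        return None
    _, payload = located
    return extract_banner(payload)


def sniff():
    """Same raw-socket loop as the chapter's program (Linux, root), using the parser above."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800))
    while True:
        frame, _ = s.recvfrom(65535)
        banner = grab_banner(frame)
        if banner:
            print(banner)
            print("--" * 40)


if __name__ == "__main__":
    sniff()
```

Run it on the constructed frame and tcp_payload() reports the payload at offset 66, not 54; on a live capture the same parser handles both option-less and option-bearing segments, and skips non-HTTP traffic instead of printing header bytes as if they were a banner.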
To get the output, you have to open the website in a web browser while the program is running, as shown in the following screenshot:
So the preceding output shows that the server is Microsoft-IIS/6.0 and that the application is built on ASP.NET, disclosed by the X-Powered-By header. This is the same information we received in the header checking process. Try this code against different pages and status codes and see what else the responses reveal.
By using the previous code, you can prepare information gathering reports for yourself. When I apply information gathering methods to websites, I generally find lots of mistakes made by clients. In the next section, you will see the most common mistakes found on a web server.