Fingerprinting is an information-gathering technique that enables threat actors to profile and subsequently attack an application. The relevant data is acquired from the names and values of the HTTP headers, which ultimately differentiate and profile an application.
This assesses the foundation of a site to determine characteristics such as which server and software are running. Automated bots are often programmed to acquire this information and will also seek:
- URL path case sensitivity
- URL path patterns
- Error messages
It’s worth noting that while fingerprinting assesses an application’s important components, it is a less detailed analysis of an application’s working parts than footprinting.
How does fingerprinting work?
The client sends an HTTP request to the application; the response sent back to the client includes information such as:
- Request method
- Server Software
- Server Language
- Character Encoding scheme
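As an added example (not code from the original article), the following Python check lets a defender inspect their own application's raw HTTP response and list which of the fields above it reveals to a passive observer; the header set, the category labels and the two sample responses are constructed for illustration.

```python
import re
from typing import Dict, List

# Response headers that commonly disclose server software or the server-side
# language/runtime. Constructed illustrative set, not an exhaustive list.
FINGERPRINT_HEADERS = {
    "server": "server software",
    "x-powered-by": "server language / runtime",
    "x-aspnet-version": "server language / runtime",
    "x-generator": "application framework",
}


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Parse the head of a raw HTTP/1.x response into a lower-cased header dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def fingerprint_exposure(raw: str) -> List[str]:
    """Return each profiling datum readable from the response as 'category: value'."""
    headers = parse_response_headers(raw)
    findings = [f"{category}: {headers[name]}"
                for name, category in FINGERPRINT_HEADERS.items() if name in headers]
    # The charset parameter of Content-Type reveals the character encoding scheme.
    match = re.search(r"charset=([\w-]+)", headers.get("content-type", ""), re.I)
    if match:
        findings.append(f"character encoding: {match.group(1)}")
    return findings


# Constructed sample responses: a verbose one and one with version banners removed.
VERBOSE = ("HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
           "X-Powered-By: PHP/7.4.3\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>")
HARDENED = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html>"

if __name__ == "__main__":
    for label, response in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, fingerprint_exposure(response))
```

Running it on a live response captured with any HTTP client shows the same comparison: the fewer lines the check prints, the less a bot can learn from the headers alone.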
Active fingerprinting vs passive fingerprinting
There are two ways a threat actor can acquire and enact a fingerprint against an application: active or passive.
Active fingerprinting involves using real client-side applications to gather user agent strings, browser header values, etc., in order to perform detailed analysis on each browser and its version.
Passive fingerprinting uses analysis of existing data from a server instead of active probing. It is considerably faster than active fingerprinting, but the resolution is lower and accuracy is reduced as well.