Application Service Discovery – Week 8

I have extended the module to support a few more applications this week. I had to go back and change the pattern recognition methodology for wordpress and MySQL server (see previous week post) as they were not working for all cases.

For wordpress, the new pattern that I check is ‘GET /wp-.’

The reason I had to change was, the previous pattern was seen even in response packets and thus even the client was being identified as running a WordPress application.

The pattern for a MySQL server is pretty much the same, but the only case I had to reconsider was white spaces around the previous pattern. I have made the change in the module.

I also extended support to any web server available. Again, it was pretty straightforward as I had to only scrape the value of the field ‘server’ in any given packet.



Leave a Reply

Your email address will not be published. Required fields are marked *