Untangle: Multi-Layer Web Server Fingerprinting
Cem Topcuoglu
Network and Distributed System Security (NDSS) Symposium 2024 · Day 3 · Network Infrastructure
In the modern web landscape, sophisticated web applications are rarely deployed as monolithic, single-server entities. Instead, they commonly reside behind complex, multi-layered architectures comprising Content Delivery Networks (CDNs), reverse proxies, and various cloud services. This architectural evolution, while enhancing performance and security, has rendered traditional web server fingerprinting tools largely ineffective. These legacy tools, designed to inspect HTTP responses for characteristic strings and server quirks, are fundamentally blind to the intricate processing and transformations occurring across multiple intermediaries. This talk, "Untangle: Multi-Layer Web Server Fingerprinting," presented by Cem Topcuoglu at the NDSS Symposium, addresses this critical gap by introducing a novel methodology and a prototype tool, Untangle, capable of accurately identifying both the server technologies involved in a layered chain and their correct ordering.