• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 347
  • Last Modified:

fooling netcraft about OS info. HOW?

The site mentions a few sites that intentionally send out misleading data about which OS its running.  How is this done?
1 Solution
Most web servers respond with some info on the type of server they are running.  Below is a sample trace.  You'' See the "Server:" header indicates the server type and OS.

$ telnet server.company.com 80
Connected to server.company.com.
Escape character is '^]'.

HTTP/1.1 200 OK
Date: Tue, 04 Mar 2003 13:26:41 GMT
Server: Apache/1.3.12 (Unix) PHP/3.0.16
Last-Modified: Wed, 19 Feb 2003 17:37:19 GMT
ETag: "2cb663f-146a-3e53c0cf"
Accept-Ranges: bytes
Content-Length: 5226
Connection: close
Content-Type: text/html

Connection closed by foreign host.

On most Web servers you can configure what (if anything) gets sent back to the browser in the "Server:" tag.

Docs to do this for Apache are here

NetCraft can also guess the OS by looking at the raw TCP/IP data.  Each OS produces a slightly different TCP/IP format although they all conform to the spec.  By looking the the raw TCP/IP profile and comparing it to the profile of known OS's you can guess the OS.  This too can get a bit messed up as proxy servers between the user and the server will put their own TCP/IP profile on the data.

Lots of detail on the NetCraft site
gord11Author Commented:
hmmm...that was quick.   Thank you very much..

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now