[cs615asa] Dishonest Servers

Jiahan Liu jliu120 at stevens.edu
Thu May 7 19:19:10 EDT 2020


    I think it is possible and easy to alter this information because it is a field written in the http header. Even for the servers themselves, they could probably lie about it because of the security consideration. The servers can alter any information in packages they send by using a proxy, let's say Burpsuite. As for if it is common to do so, not really (I guess). Maybe only for the servers which are very sensitive about their information will choose to do so.

From: cs615asa-bounces at lists.stevens.edu <cs615asa-bounces at lists.stevens.edu> on behalf of Mark Freeman <mfreema1 at stevens.edu>
Sent: Thursday, May 7, 2020 16:00
To: CS615 - Aspects of System Administration <cs615asa at lists.stevens.edu>
Subject: [cs615asa] Dishonest Servers

Hi all,

I have a question that is not in any way related to the CtF.

Do servers commonly lie about what specific technology they are using?  For instance, say that a server responds to me with a `Server: Apache/2.2` header.  Should I take that at face value?  I imagine it is set by the server itself so most users will likely not alter it, however they still could.  Is that a common thing?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs615asa/attachments/20200507/6a0b2e2d/attachment.html>

More information about the cs615asa mailing list