Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Regarding URL Rewriting Engines
Posted by: dragunov
Date: September 07, 2009 11:45PM

Hey guys

I was wondering if any of u know what is the proper way of detecting a URL rewriting engine implemented on the web server side.
I have seen one way in which if we find a file existing in a non-existing directory, there is probably a URL rewriting engine employed on the server side (Thats what application scanners like acunetix say).

Has anyone of u got a proper method (or methods) through which we can be sure that there is a URL rewriting engine implemented on the server side.

Thanks

Options: ReplyQuote
Re: Regarding URL Rewriting Engines
Date: September 09, 2009 07:16PM

If you can invoke say a 404 error the server well for Apache usually errors with the pathname/file that it can't find. If it is different from what the actual URL is then you can be sure its being re-written. I am not sure otherwise how you could know.

Options: ReplyQuote
Re: Regarding URL Rewriting Engines
Posted by: dragunov
Date: September 09, 2009 11:11PM

hi CrYpTiC_MauleR

thanks for the reply
but are u sure this happens in apache?
because if it does, thats really great and i will have to test that.
and have u ever used acunetix and the way it decides that the server is employing a url rewriting engine?

thanks in advance

Options: ReplyQuote
Re: Regarding URL Rewriting Engines
Posted by: rvdh
Date: September 10, 2009 11:35AM

Sure, mod_rewrite.

If doesn't generate error codes, it's probably rewritten to HTTP status 200 e.g. rewritten.

Options: ReplyQuote
Re: Regarding URL Rewriting Engines
Posted by: dragunov
Date: September 10, 2009 11:36PM

Hi rvdh
I didnt got ur point.
Is this wat u meant -
if mod_rewrite is used, we wont get any errors and always be redirected to a 200 OK?
Thanks in advance

Options: ReplyQuote
Re: Regarding URL Rewriting Engines
Posted by: rvdh
Date: September 12, 2009 10:05AM

Yeah, well it's like this.

If you get a http status code of 404 back in the header for example, but without obvious error page containing the description, its rewritten. So you can check on that. The http_code in the response header will show the error code, it has to.

Options: ReplyQuote
Re: Regarding URL Rewriting Engines
Posted by: dragunov
Date: September 14, 2009 12:07AM

Hi rvdh

Correct me if I am wrong , but I think what u r saying will happen only if the URL rewriting engine is configured to redirect to a custom error page, if the requested URL is not found. I have configured mod_rewrite in my xampp apache web server to rewrite the URL http://site/index.php?page=a to http://site/page/a.

But when I try to cause a 404 error message, the message is the same as the orignal 404 shown by xampp.

Thanks

Options: ReplyQuote
Re: Regarding URL Rewriting Engines
Posted by: rvdh
Date: September 14, 2009 11:02AM

Yeah.

If you look at my page: http://rvdh.ath.cx/foo

that request is rewritten, because the folder doesn't not exist. However, it still returns a http_code back, namely a 404 in the header. (a server SHOULD do this according to the RFC 2616) so that's all cool.

Now, I return a simple txt file back, so that actually is a 200 because the file is there. Now, when I parse the message I get back on a 404, and it doesn't match a signature, it means it's rewritten.

That was your question right?

Options: ReplyQuote
Re: Regarding URL Rewriting Engines
Posted by: dragunov
Date: September 15, 2009 11:56PM

Hi rvdh
Ur page is not opening..
And I did'nt understand ur point.
Can u be a bit clear??
TIA

Options: ReplyQuote


Sorry, only registered users may post in this forum.