views: 82

answers: 3

In general, a web application can render any HTML it likes. Therefore, in theory, any language could render identical HTML output.

However, there are some ways we can try to deduce what is running server-side. For instance, file extensions are usually a dead giveaway (although they could technically be faked). Due to my experience with ASP.NET, I know that one way we can identify an ASP.NET application is by the presence of VIEWSTATE in the rendered document, although the lack of viewstate does not necessarily mean that the application is not running on ASP.NET.

We could run some OS/server fingerprinting on the server, but in general that would not help much - these days, even Windows servers can run quite a few application platforms.

What other analysis techniques are available that can help us determine what's running on the server? What other clues do certain languages leave?

If we can better understand the artifacts our applications are leaving, perhaps so small that we haven't noticed them, we can begin to better our security by removing them from the output.

A: 

In the HTTP headers, you'll (usually, but not always) find a header called Server which indicates the web server used to serve the web page. Sometimes you'll find a header called X-Powered-By which indicates the platform/technology used by the web server.

Asaph
+2  A: 

Checking the HTTP headers is a good start. IIS6 and ASP.Net by default seem to insert an X-Powered-By header with ASP.Net as a value.

Scott Ferguson
A: 

https://addons.mozilla.org/en-US/firefox/addon/2166

As others mentioned, you can check out the Server and X-Powered-By headers. For example, stackoverflow's server is Server: Microsoft-IIS/7.0 so I can deduce this is ASP powered.

Here are a few random sites I visited and some X-Powered-By headers:

  • X-Powered-By: PHP/5.2.9. (php forum)
  • X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.0.3 (rubyonrails.org)

Other web applications have a signature in the footer that can be seen, e.g. Powered-By (application name).

meder
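As an added example (not code from any of the answers above), a small Python self-check that scans one of your own application's responses for the artifacts this thread lists: the Server and X-Powered-By headers, an ASP.NET __VIEWSTATE field, a "Powered by" footer and language-revealing file extensions in links. The header dictionary and HTML body below are constructed, not captured from a real site.

```python
import re
from typing import Dict, List, Tuple

# Response headers the thread names as platform giveaways.
LEAKY_HEADERS = ("Server", "X-Powered-By")
# URL extensions that usually reveal the server-side language.
LEAKY_EXTENSIONS = (".aspx", ".asp", ".php", ".jsp")


def audit_response(headers: Dict[str, str], body: str) -> List[Tuple[str, str]]:
    """Return (artifact, evidence) pairs that reveal the server-side platform.

    Meant to be run against your own application's responses so the
    leaks can be removed; it only inspects data you already hold.
    """
    findings: List[Tuple[str, str]] = []
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    for name in LEAKY_HEADERS:
        value = lower.get(name.lower())
        if value:
            findings.append((f"{name} header", value))
    # ASP.NET Web Forms places a hidden __VIEWSTATE field in every postback form.
    if re.search(r'name="__VIEWSTATE"', body, re.IGNORECASE):
        findings.append(("__VIEWSTATE hidden field", "ASP.NET Web Forms"))
    # "Powered by <product>" footers advertise the application itself.
    m = re.search(r"powered[\s-]by\s*[:(]?\s*([A-Za-z0-9 ._/-]+)", body, re.IGNORECASE)
    if m:
        findings.append(("Powered-by footer", m.group(1).strip()))
    # File extensions in links, form targets and script sources reveal the language.
    for url in re.findall(r'(?:href|action|src)="([^"]+)"', body, re.IGNORECASE):
        path = url.split("?", 1)[0].lower()
        ext = next((e for e in LEAKY_EXTENSIONS if path.endswith(e)), None)
        if ext and ("URL extension", ext) not in findings:
            findings.append(("URL extension", ext))
    return findings


# Constructed sample response (not captured from any real site).
SAMPLE_HEADERS = {"Server": "Microsoft-IIS/7.0", "X-Powered-By": "ASP.NET",
                  "Content-Type": "text/html"}
SAMPLE_BODY = (
    '<form action="Default.aspx?tab=1" method="post">'
    '<input type="hidden" name="__VIEWSTATE" value="constructed" />'
    '</form><a href="/forum/index.php">Forum</a>'
    '<div id="footer">Powered by MyCMS 1.2</div>'
)

if __name__ == "__main__":
    for artifact, evidence in audit_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{artifact}: {evidence}")
```

An empty result is the goal state: once the headers are stripped and the footer and extensions are gone, the function returns no findings.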