Making Httprint module

From OWASP Live CD 2008


Get the Binary for Httprint

Go to the Httprint website and navigate to the download section. In the downloads section, you'll see links to the releases for various platforms. Grab the latest Linux version, which is httprint_linux_301.zip at the time of this writing.

Go ahead and extract the download into the working/temp directory:

 $ cd temp/
 $ unzip httprint_linux_301.zip
 $ cd ../

Create the needed directories in fakeroot

Eventually, we'll use dir2lzm to make the module, so let's get the directories created that we need:

 $ mkdir -p ./fakeroot/opt/owasp/
 $ mkdir -p ./fakeroot/usr/bin
 $ mkdir -p ./fakeroot/usr/share/applications
 $ mkdir -p ./fakeroot/usr/share/pixmaps

Create and put the module's files into the fakeroot directory

Since we are getting a pre-compiled binary, let's get the application file where it needs to go.

 $ mv temp/httprint_301/linux fakeroot/opt/owasp/httprint

Next, we'll need a script to start httprint in fakeroot/usr/bin. This one is very easy:

 $ vi fakeroot/usr/bin/httprint
   [create script]
 $ cat fakeroot/usr/bin/httprint
#!/bin/bash

cd /opt/owasp/httprint
./httprint "$@"

 $ chmod 775 fakeroot/usr/bin/httprint

Because Httprint is a command line tool, we're going to create two startup scripts to be used by the menu item:

 $ vi fakeroot/usr/bin/startup-httprint
   [create script]
 $ cat fakeroot/usr/bin/startup-httprint
#!/bin/sh

echo "             _     _   _              _       _    "
echo "            | |__ | |_| |_ _ __  _ __(_)_ __ | |_  "
echo "            | '_ \| __| __| '_ \| '__| | '_ \| __| "
echo "            | | | | |_| |_| |_) | |  | | | | | |_  "
echo "            |_| |_|\__|\__| .__/|_|  |_|_| |_|\__| "
echo "                          |_|                      "
echo " "
echo " "
echo "           httprint - web server fingerprinting tool"
echo "                  (part of the OWASP Live CD)"
echo " "
echo " httprint is a web server fingerprinting tool. It relies on web "
echo " server characteristics to accurately identify web servers, despite "
echo " the fact that they may have been obfuscated by changing the server "
echo " banner strings, or by plug-ins such as mod_security or servermask."
echo " "
echo " Type 'httprint -?' for help"
echo " "
echo " Usage: "
echo " httprint {-h <host> | -i <input file> | -x <nmap xml file>} -s <signatures> [... options]"
echo " "
echo " Type 'update-httprint' to retrieve the latest signature file."
echo " "
echo " The signature file can be called using 'httprint -h <host> -s ./signatures.txt'"

 $ chmod 775 fakeroot/usr/bin/startup-httprint

Since I just mentioned it, let's go ahead and create the script to update the signatures file:

 $ vi fakeroot/usr/bin/update-httprint
 $ cat fakeroot/usr/bin/update-httprint 
#!/bin/sh

cd /opt/owasp/httprint
mv -f signatures.txt previous-signatures.txt
wget http://net-square.com/httprint/signatures.txt

if [ ! -e signatures.txt ]; then
   mv -f previous-signatures.txt signatures.txt
   echo "Updating signatures failed - keeping previous ones"
else
   echo "Signatures updated.  The old signature file can be found"
   echo "  at /opt/owasp/httprint/previous-signatures.txt"
fi

 $ chmod 775 fakeroot/usr/bin/update-httprint
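
A more defensive variant of update-httprint, added here as an example and not part of the original page: it downloads to a temporary file and only replaces signatures.txt when the transfer succeeded and produced a non-empty file, so a failed or partial download never clobbers the working copy. SIG_DIR, SIG_URL and fetch() are names chosen for this example; the plain-HTTP URL from the script above gives no authenticity guarantee, so this guards against broken transfers only.

```shell
#!/bin/sh
# Added example: safer variant of update-httprint (not from the original page).
# SIG_DIR, SIG_URL and fetch() are names chosen for this example.
SIG_DIR="${SIG_DIR:-/opt/owasp/httprint}"
SIG_URL="${SIG_URL:-http://net-square.com/httprint/signatures.txt}"

# fetch URL DEST: download URL into DEST; non-zero exit status on failure.
fetch() {
    wget -q -O "$2" "$1"
}

update_signatures() {
    live="$SIG_DIR/signatures.txt"
    prev="$SIG_DIR/previous-signatures.txt"
    tmp=$(mktemp "$SIG_DIR/signatures.XXXXXX") || return 1

    # Download beside the live file so a failed or partial transfer
    # never touches signatures.txt. wget -O creates the file even on
    # error, hence the extra non-empty (-s) check.
    if ! fetch "$SIG_URL" "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "Updating signatures failed - keeping previous ones"
        return 1
    fi

    # Keep the old copy, then rename the new file into place.
    if [ -e "$live" ]; then
        cp -p "$live" "$prev" || { rm -f "$tmp"; return 1; }
    fi
    chmod 644 "$tmp"   # mktemp creates the file 0600; make it readable
    mv -f "$tmp" "$live"
    echo "Signatures updated.  The old signature file can be found"
    echo "  at $prev"
}

# Run the update only when installed and executed as update-httprint.
case "${0##*/}" in
    update-httprint) update_signatures ;;
esac
```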

Creating httprint's menu file is rather simple. Use a text editor and create the file httprint.desktop:

 $ vi fakeroot/usr/share/applications/httprint.desktop
   [create the file]
 $ cat fakeroot/usr/share/applications/httprint.desktop 
[Desktop Entry]
Encoding=UTF-8
Exec=startup-httprint; bash
Icon=/usr/share/pixmaps/httprint-icon.png
Type=Application
Categories=Application;Network;
Name=Fingerprint Web Servers
Terminal=1
TerminalOptions=-T "Httprint - Web Server Fingerprinting Tool"
GenericName=Httprint
MimeType=
X-KDE-StartupNotify=true

The icon was a bit interesting. I decided to use Google Images to find an image of a fingerprint, then apply some Gimp-foo. I then moved that into fakeroot.

 $ cp ./temp/httprint-icon.png ./fakeroot/usr/share/pixmaps/

Everything is in place to create the module; a quick final check:

 $ find fakeroot
fakeroot/
fakeroot/opt
fakeroot/opt/owasp
fakeroot/opt/owasp/httprint
 ...

Generate the .lzm module

This is the easy part.

 $ ./dir2lzm ./fakeroot httprint-301.lzm

Add the modules to the ISO build directory

Also cake

 $ cp -i httprint-301.lzm ../contents/slax/base/
 $ chmod 775 ../contents/slax/base/httprint-301.lzm

Test the new module

I like scp'ing the new modules into a running Live CD and using the Module Manager to add modules to a running system. I typically have the Live CD running in a VM while I create modules, so it's already up and ready.

You can also gen a new ISO and run it in a VM of your choice.

 $ cd ../contents/slax/
 $ ./make_iso.sh /home/mtesauro/isos/new-owasp.iso

If anything doesn't work as expected, make the changes needed to ./fakeroot and try again.

Clean up and archive

Once you've got a working module, let's clean up a bit.

 $ mkdir ./completed_modules/httprint
 $ mv httprint-301.lzm ./completed_modules/httprint/
 $ mv temp/httprint_linux_301.zip ./completed_modules/httprint/
 $ rm -rf ./temp/*

I usually delete anything under ./fakeroot also.

 $ rm -rf ./fakeroot/*