4.3. Web servers

Every type of web server has its purpose and its unique fingerprint. To give the students the feeling of the real world, various web servers are running. They don’t serve content, they are just lurking around for fingerprinting and bannergrabbing. The following web server are available.

To run all web servers on one machine it’s needed that they use different ports. Table below shows the ports and the assigned web server.

Port Server
80 lighttpd
8000 droopy
8008 cherokee
8080 tomcat
8800 apache
8808 nginx
8880 pywebserve
8888 http-server

At the moment the most web servers doesn’t support https. This is a task for the future. The only web server with SSL support is nginx.

$ nc 10.0.0.64 8080
HEAD / HTTP/1.1
host: localhost

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"7777-1342949470000"
Last-Modified: Sun, 22 Jul 2012 09:31:10 GMT
Content-Type: text/html
Content-Length: 7777
Date: Fri, 26 Apr 2013 21:20:57 GMT

A connection to nginx over SSL.

$ openssl s_client -crlf -connect 10.0.0.64:443
CONNECTED(00000003)
depth=0 C = CH, ST = BE, L = Berne, O = Test bench, CN = test-bench.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CH, ST = BE, L = Berne, O = Test bench, CN = test-bench.localdomain
verify return:1
---
Certificate chain
 0 s:/C=CH/ST=BE/L=Berne/O=Test bench/CN=test-bench.localdomain
   i:/C=CH/ST=BE/L=Berne/O=Test bench/CN=test-bench.localdomain
---
Server certificate
-----BEGIN CERTIFICATE-----
[snip]
-----END CERTIFICATE-----
subject=/C=CH/ST=BE/L=Berne/O=Test bench/CN=test-bench.localdomain
issuer=/C=CH/ST=BE/L=Berne/O=Test bench/CN=test-bench.localdomain
---
No client certificate CA names sent
---
SSL handshake has read 1770 bytes and written 369 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 33515B817[snip]427BB415
    Session-ID-ctx:
    Master-Key: 0956B7B[snip]F729586
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    [snip]
    Start Time: 1367011380
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
HEAD / HTTP/1.1
host: localhost

HTTP/1.1 200 OK
Server: nginx/1.2.8
Date: Fri, 26 Apr 2013 21:23:16 GMT
Content-Type: text/html
Content-Length: 944
Last-Modified: Fri, 26 Apr 2013 17:01:48 GMT
Connection: keep-alive
Accept-Ranges: bytes

The next example shows a connection the http-server.

$ nc 10.0.0.64 8888
HEAD / HTTP/1.1
host: localhost

HTTP/1.1 200 OK
server: ecstatic-0.1.7
etag: "139483-944-Fri Apr 26 2013 19:09:31 GMT+0200 (CEST)"
last-modified: Fri, 26 Apr 2013 17:09:31 GMT
cache-control: max-age=3600
content-type: text/html
Date: Fri, 26 Apr 2013 21:24:51 GMT
Connection: keep-alive