Website Footprinting

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
>> Hey everyone, welcome back to the course.
00:00
In this video we're going to go over
00:00
a brief introduction to website footprinting.
00:00
We'll talk about what website for printing actually is.
00:00
We'll also talking about some of the information that
00:00
we can gather as an adversary,
00:00
and we'll talk about some of the tools
00:00
that are used for website footprinting.
00:00
Keep in mind that this is not going to be
00:00
an all-inclusive list of
00:00
every possible available tool for website footprinting.
00:00
We're just going to cover some of the
00:00
common ones that are in use.
00:00
What is website footprinting?
00:00
Well, this is basically just
00:00
monitoring and analyzing the target's website.
00:00
The goal here, again,
00:00
with footprinting is just gathering information.
00:00
We may use things like web spiders because these
00:00
perform automated searches on the target website,
00:00
and they'll collect specific information for us.
00:00
Could be information like employee names.
00:00
Maybe the website has a blog on there and we're able
00:00
to identify certain things
00:00
that certain employees are doing,
00:00
or they've got their executive team listed.
00:00
We're able to identify, to start mapping out who is who,
00:00
and who might be a potential target
00:00
for social media that's going to be a good target for us.
00:00
It also helps us identify vulnerabilities.
00:00
Website footprinting allows us to identify what is
00:00
the organization currently using,
00:00
and what can we exploit?
00:00
Then we can use a website mirroring as well to
00:00
make an actual copy of
00:00
the different pages of the website.
00:00
We can look at the code itself.
00:00
We can look at the HTML code itself and identify,
00:00
did maybe a developer
00:00
hard-code some credentials in there?
00:00
Did they leave some comments in there that might
00:00
help us identify certain systems in
00:00
use or certain potential issues
00:00
we might be able to exploit in the code?
00:00
That's why we would mirror the website.
00:00
What kind of information can we actually gather?
00:00
Well, we can get information on the header.
00:00
For example, we can get information like
00:00
the connection status and Content-Type.
00:00
We can learn the accepted ranges.
00:00
We can also look at last modified information,
00:00
the x powered by information,
00:00
as well as the webserver that's
00:00
actually in use and the version of it.
00:00
We can look at the HTML source code itself.
00:00
Again, as I mentioned,
00:00
look for any hard-coded credentials,
00:00
we can find potentially contact information
00:00
of the web developer or the development team,
00:00
as well as potentially the admin.
00:00
We can look at the file system structure.
00:00
How are things actually structured
00:00
for this particular site?
00:00
We can look at the scripting that's in use,
00:00
and we can also look for additional comments in
00:00
that source code to see what kind
00:00
of other information can we gather?
00:00
We can also learn about things like the filename,
00:00
or how the file system is actually structured.
00:00
We can learn about the past.
00:00
We can potentially learn about database fields,
00:00
as well as other information
00:00
that can help us query that database.
00:00
We can also potentially find
00:00
things like the operating system in use.
00:00
We can learn about
00:00
things like contact information as we talked about
00:00
email addresses or content management system
00:00
or CMS information,
00:00
as well as learning about the cookies.
00:00
We can review the cookie information.
00:00
That may give us some information
00:00
about the software that's in use,
00:00
or just the behavior of that software,
00:00
as well as any scripting platforms that might be used.
00:00
What are some of the tools that we can
00:00
actually use for website footprinting?
00:00
Well, we've got tools like Burp Suite,
00:00
which is a very, very common one.
00:00
We've also got things like FireBug, GrabsIt,
00:00
and HTTrack, as well as Website Informer.
00:00
HTTrack, we'll I should do a demonstration
00:00
video a little later on in this module.
00:00
Just a quick quiz question here for you.
00:00
When performing footprinting of a websites,
00:00
which of the following information
00:00
can you actually gather?
00:00
Can you gather information about the operating system,
00:00
the file system structure,
00:00
or can you gather information about the CMS,
00:00
or content management system?
00:00
This one, again, was a trick one. It's all of them.
00:00
We can gather information about
00:00
the operating system that might be in use.
00:00
We can gather information around
00:00
things like subdirectories parameters.
00:00
We can gather a scripting information.
00:00
We can gather file system information.
00:00
We can learn about the past.
00:00
We can learn about potential database fields.
00:00
Then we can query that database.
00:00
We can learn about the content management system.
00:00
The contact information potentially about
00:00
the web developer or the admin.
00:00
We can potentially get credential information.
00:00
The software that's being
00:00
used across the board on the site.
00:00
Just a lot information we could potentially
00:00
gather from website footprinting.
00:00
In this video, we talked about
00:00
website footprinting actually is.
00:00
Again, just always think when you hear footprinting,
00:00
always think of gathering information.
00:00
That's going to help you a lot if
00:00
you go to take the CEH exam.
00:00
We also talked about some of the
00:00
information that we can gather.
00:00
Again, things like the file system structure information,
00:00
things like, from the HTML code,
00:00
we can learn potentially credential information
00:00
or just comments by
00:00
the developer that can help us
00:00
identify potential vulnerabilities.
00:00
We learned about some of the common
00:00
tools for website footprinting.
00:00
For example, Burp Suite and HTTrack,
00:00
which again, we'll go over
00:00
a brief demonstration in this course.
Up Next