Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Pentesting a Web Applicaton behind Akamai Technology
From: <peter.schaub () thomson com>
Date: Wed, 16 May 2007 14:51:26 -0400

Hi Greg,
You should ask the clients for the 'origin' Ips (or DNS names) that
correlate to the app you are testing. 
Or....
Try looking up 'origin-sitename.com' or 'origin.sitename.com' somehting
along those lines if the client will not provide you the direct Ips or
DNS names of the app.

The origin IP address that the Akamai 'edge' servers (which you are
currently seeing) connect back to get updated content from the client.
Akamai is used as a content caching system (among many many other
things), so their servers will take a bulk of the incoming requests,
hold the data on their edge servers, serve the content when requested,
and then will go back and hit the clients origin server, once the time
to live on a specific object expires, to get new data.

Hope this helps a bit.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of grd () netexpert ch
Sent: Wednesday, May 16, 2007 9:42 AM
To: pen-test () securityfocus com
Subject: Pentesting a Web Applicaton behind Akamai Technology

Hi everybody,

 

I'm doing a Pentest on a Web Application for a client. The only
information I have is the DNS name of the website. After doing the basic
steps of footprint and enumeration, I found out that the IP adress of
the website is not in the IP range of the client and is owned by Akamai
Technology. It means that if I'm going on with the furter steps of
pentesting, I'll pentest Akamai and not the "real" website of the
client.

 

Is there a way to find the "real" IP address of the website ?

 

Has everyone faced this kind of configuration ?

 

For information, this is the header of the website when attempting a
page that doesn't exist :

 

HTTP/1.0 400 Bad Request

Server: AkamaiGHost

Mime-Version: 1.0

Content-Type: text/html

Content-Length: 186

Expires: Wed, 16 May 2007 13:39:42 GMT

Date: Wed, 16 May 2007 13:39:42 GMT

Connection: close

 

Thanks,

 

Greg

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with our 20/20
program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault