Introducing HTTP-Basma - Adaptive Fingerprinting: HTTP-Basma's Multi-Stage Probing for Granular Server Differentiation
We empower businesses with cutting-edge software and expert services to navigate the complexities of today's cyber landscape. Secure your network with cutting-edge software and services that ensure your safety and peace of mind!
Netomize is happy to announce the release of a new HTTP fingerprinting algorithm called HTTP-Basma to identify HTTP servers using a reversible fingerprint codenamed verbosus.
In the realm of cybersecurity, accurately identifying and characterizing web servers is crucial for threat detection, vulnerability assessment, and network mapping. We introduce HTTP-Basma, a novel active fingerprinting algorithm that unveils unique server profiles through a multi-layered approach.
Key Features: Crafted Requests, Revealing Responses: HTTP-Basma sends 8 meticulously designed HTTP probes, eliciting distinctive responses that reflect server configurations. Moreover, it offers dual hashing for versatility. The algorithm generates two hashes:
A 38-byte fuzzy hash, "verbosus", offering reversibility
A 16-byte one-way hash, "pacto", derived from verbosus, enhancing privacy and security
Clustering and Hunting: These hashes empower server clustering, identification of unique and similar servers, and the pursuit of malicious actors with heightened confidence.
Modular Design for Expansion: The algorithm's architecture fosters the addition of new hashing variants, encouraging collaboration and adaptability.
The full technical details of the algorithm are in the paper, where we first survey notable existing work on HTTP fingerprinting and then explore the algorithm's functionality, design, architecture, and outcomes. Additionally, we will showcase compelling findings from scanning the top 1 million Majestic websites, including the identification and clustering of C&C HTTP servers for various malware families.
The source code, Windows and Linux binary releases, and supporting data are available on GitHub HTTP-Basma. We are working on an HTTP server edition.
Links:
GitHub repo HTTP-Basma with details
Supporting data - majestic 1-million HTTP-Basma fingerprints CSV File - data set
Release (Windows and Linux x64-bit release)
Mohamad Mokbel
May 20, 2026