# Introducing HTTP-Basma - Adaptive Fingerprinting: HTTP-Basma's Multi-Stage Probing for Granular Server Differentiation

![](https://cdn.hashnode.com/uploads/covers/698bbaaf2b3404faadd9aff8/00c8b8ef-deb7-4cd7-8209-9013642ae961.png align="center")

**N**etomize is happy to announce the release of a new HTTP fingerprinting algorithm called **HTTP-Basma** to identify HTTP servers using a reversible fingerprint codenamed verbosus.

In the realm of cybersecurity, accurately identifying and characterizing web servers is crucial for threat detection, vulnerability assessment, and network mapping. We introduce HTTP-Basma, a novel active fingerprinting algorithm that unveils unique server profiles through a multi-layered approach.

Key Features: Crafted Requests, Revealing Responses: HTTP-Basma sends 8 meticulously designed HTTP probes, eliciting distinctive responses that reflect server configurations. Moreover, it offers dual hashing for versatility. The algorithm generates two hashes:

*   A 38-byte fuzzy hash, "verbosus", offering reversibility
    
*   A 16-byte one-way hash, "pacto", derived from verbosus, enhancing privacy and security
    

Clustering and Hunting: These hashes empower server clustering, identification of unique and similar servers, and the pursuit of malicious actors with heightened confidence.

Modular Design for Expansion: The algorithm's architecture fosters the addition of new hashing variants, encouraging collaboration and adaptability.

The full technical details of the algorithm are in the [paper](https://github.com/Netomize/HTTP-Basma/blob/main/http-basma_paper_mfmokbel_v1.pdf), where we first survey notable existing work on HTTP fingerprinting and then explore the algorithm's functionality, design, architecture, and outcomes. Additionally, we will showcase compelling findings from scanning the top 1 million Majestic websites, including the identification and clustering of C&C HTTP servers for various malware families.

The source code, Windows and Linux binary releases, and supporting data are available on GitHub [HTTP-Basma](https://github.com/Netomize/HTTP-Basma). We are working on an HTTP server edition.

Links:

*   GitHub repo [HTTP-Basma](https://github.com/Netomize/HTTP-Basma) with details
    
*   Paper [HTTP-Basma - Adaptive Fingerprinting: HTTP-Basma's Multi-Stage Probing for Granular Server Differentiation](https://github.com/Netomize/HTTP-Basma/blob/main/http-basma_paper_mfmokbel_v1.pdf)
    
*   [Source code](https://github.com/Netomize/HTTP-Basma/tree/main/src)
    
*   [Top 1 million Majestic websites](https://majestic.com/reports/majestic-million)
    
*   Supporting data - [majestic 1-million HTTP-Basma fingerprints CSV File - data set](https://github.com/Netomize/HTTP-Basma/releases/download/v1.0/majestic_1_million_http_basma_fingerprints_csv.zip)
    
*   [Release](https://github.com/Netomize/HTTP-Basma/releases) (Windows and Linux x64-bit release)
    

* * *

Mohamad Mokbel

May 20, 2026
