Similar to operating system fingerprinting, this technique uses unique fingerprints that are available on each version of a web application to determine which one is being used.
What these fingerprints are, depend on the web application, but generally we can use .js (javascript) , .css and a few other files that are available and we can access the source remotely. We can’t do the same with .php, because it will not return the source (only the executed output).
To create the fingerprints, we need download the packages for different versions and perform a diff between each of them. After that, we compare the diffs looking for unique patterns present on each version.
To exemplify this technique we are going to use WordPress, since it is widely used and have an archive with all their versions. For closed-source applications, it can still work, but require getting access to a few installations with known versions to create the baselines.
