recon/active_reconnaissnce
Infra Mapping
Web Application Firewall (WAF)
Load Balancer
If a load balancer is in place, traffic is split across multiple servers, which may differ in configuration, security, or vulnerabilities. It can expose inconsistencies, help bypass protections like WAFs, and reveal how resilient the system is under stress.
Load Balancer Detection Methods
Method
Checks
Possible Indication
DNS Loadbalancing
Checks for different IPs when resolving the domain
Multiple backend IPs (DNS round-robin)
HTTP [Server]
Looks for changes in the Server response header
Different web servers behind a load balancer
HTTP [Date]
Compares the Date header in each response
Servers have unsynchronized clocks (suggests multiple servers)
HTTP [Diff]
Compares the full content of responses
Different server states or versions (or dynamic content)
Last updated