What is a CDN?
A Content Delivery/Distribution Network (CDN) is a geographically distributed network of servers that hold a copy of your content (website, video, pictures, etc.) and provide fast and efficient access to it. Basically, CDN providers have datacenters throughout the world and can serve the user a copy of your content from the closest server to speed the process up.
Why is it used?
Here are some of the advantages of using a Content Delivery Network.
- Content Delivery Speed – a copy of the content is located closer to the user and is delivered much faster.
- Content Uptime – a CDN can handle a lot of traffic and still be up if the primary server goes down or is under maintenance.
- Content Security – a CDN fronts your content and can mitigate a myriad of cyber security attacks, such as denial-of-service attacks and web-based exploits (SQLi, cross-site scripting, etc.).
- Content Access Analytics – data about end-user connectivity, device types, and browsing experiences, plus content analytics to measure end-user engagement with content.
How does IsBehindCDN work?
The IsBehindCDN tool is built on the findCDN tool created by the Cybersecurity and Infrastructure Security Agency.
It works in real time and does not provide any previously gathered data. Once you have submitted a domain name, you will receive results in a couple of seconds.
CDN detection is performed by scraping CNAME records, WHOIS data and HTTPS server headers.
You can embed it into your workflows and projects using the IsBehindCDN API.
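The CNAME and header checks described above can be illustrated offline. This is an added example, not code from IsBehindCDN or findCDN: the signature tables, the `classify` and `triage` helpers and the sample observations are assumptions made for illustration, and the WHOIS source is left out.

```python
# Assumed signature tables for this example, not findCDN's or IsBehindCDN's lists.
CNAME_SUFFIXES = {
    ".cloudfront.net": "Amazon CloudFront",
    ".akamaiedge.net": "Akamai",
    ".edgekey.net": "Akamai",
    ".fastly.net": "Fastly",
    ".cdn.cloudflare.net": "Cloudflare",
    ".azureedge.net": "Azure CDN",
}
HEADER_TOKENS = {"cloudflare": "Cloudflare", "cloudfront": "Amazon CloudFront",
                 "akamaighost": "Akamai"}

def classify(cname_chain, headers):
    """Return (cdn name or None, evidence list) for one hostname."""
    evidence = []
    for target in cname_chain:
        # DNS names are case-insensitive and may end with the root dot. The
        # leading dot makes the suffix match only on a label boundary.
        name = "." + target.lower().rstrip(".")
        for suffix, cdn in CNAME_SUFFIXES.items():
            if name.endswith(suffix):
                evidence.append((cdn, "cname", target))
    # Header names are case-insensitive; Server and Via are checked here.
    lowered = {k.lower(): v.lower() for k, v in headers.items()}
    banner = " ".join(lowered.get(h, "") for h in ("server", "via")).strip()
    for token, cdn in HEADER_TOKENS.items():
        if token in banner:
            evidence.append((cdn, "header", banner))
    # CNAME evidence is appended first, so it wins over header evidence.
    return (evidence[0][0] if evidence else None), evidence

# Constructed observations for example.com hosts, not real lookups.
SAMPLES = {
    "www.example.com": (["www.example.com.edgekey.net.", "e1234.a.akamaiedge.net."],
                        {"Server": "AkamaiGHost"}),
    "static.example.com": (["d111111abcdef8.cloudfront.net"],
                           {"Via": "1.1 abc.cloudfront.net (CloudFront)"}),
    "app.example.com": ([], {"server": "cloudflare"}),
    "vpn.example.com": (["gw.notcloudfront.net"], {"Server": "nginx"}),
}

def triage(samples):
    """Map each hostname to its detected CDN, or None when no evidence matched."""
    return {host: classify(chain, hdrs)[0] for host, (chain, hdrs) in samples.items()}

if __name__ == "__main__":
    for host, cdn in triage(SAMPLES).items():
        print(f"{host:20} {cdn or 'no CDN evidence'}")
```

The `vpn.example.com` sample shows why the suffix is matched on a label boundary: `notcloudfront.net` contains a CDN name as a substring but is a different domain.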
Typical Use Cases
This tool was created with 2 main use cases in mind:
- Reconnaissance automation
- CDN Usage Research
Reconnaissance automation
The “classic” recon process starts with subdomain enumeration and then goes on to port scanning, service fingerprinting and vulnerability scanning.
To streamline this process and make it more efficient, everybody automates this workflow as much as possible.
I envision that the IsBehindCDN tool can be used right after enumeration to set aside subdomains which are fronted by a CDN and exclude them from further steps, as scanning the CDN (not the server itself) is not that effective. Or to add a couple more steps, like trying to identify the server IP address and then proceeding with port scanning.
CDN Usage Research
Another possible use is pure research: there are multiple analytical questions that can be investigated out of curiosity or boredom.
For example, are CDNs widely adopted? Which industry is the biggest CDN adopter? Which CDN is the most popular?
What percentage of Fortune 500 companies use a CDN? (This one is covered in our own IsBehindCDN Research.) Are domains registered within the last quarter, year or 5 years fronted by a CDN?
Which websites and/or platforms are fronted by a CDN the most? And so on.