Detecting Load Balancer using Kali Linux

Published by Paresh Pawar
on May 19, 2018

Load Balancers is a method used by my websites and organizations to distribute network or application traffic or load upon a cluster of servers. This way, Application or website operates effectively and can maintain it's uptime, using load balancers increases the reliability with better responsiveness.

When load/traffic increases the load balancer immediately send the traffic to a new server to maintain speed and uptime. in general, there are two categories of load balancers:

  1. Layer 4 (L4) load balancers, these are also known as DNS load balancers
  2. Layer 7 (L7) load balancers, these are also known as HTTP load balancers

Normally, if a single host resolves to a number of IP addresses, then it is probably using a load balancer. We will use dig utility in Linux to resolve hostnames into IPs.

terminal
root@kali:~# dig google.com

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 53 IN A 64.233.177.102
google.com. 53 IN A 64.233.177.113
google.com. 53 IN A 64.233.177.138
google.com. 53 IN A 64.233.177.139
google.com. 53 IN A 64.233.177.100
google.com. 53 IN A 64.233.177.101

;; Query time: 2 msec

There is Script in Kali Linux called Load Balancer Detector (lbd) which could be used for detecting load balancers. lbd is capable of detecting DNS and HTTPs load balancers. It analyzes application response data to detect load balancers. note: this is not 100% accurate and we are doing this for educational purposes only.

terminal
root@kali:~# lbd www.facebook.com

lbd - load balancing detector 0.4 - Checks if a given domain uses load-balancing.
Written by Stefan Behte (http://ge.mine.nu)
Proof-of-concept! Might give false positives.

Checking for DNS-Loadbalancing: NOT FOUND
Checking for HTTP-Loadbalancing [Server]:

NOT FOUND

Checking for HTTP-Loadbalancing [Date]: 08:44:27, 08:44:28, 08:44:29, 08:44:29, 08:44:30, 08:44:32, 08:44:33, 
08:44:34, 08:44:35, 08:44:35, 08:44:36, 08:44:36, 08:44:38, 08:44:39, 08:44:40, 08:44:41, 08:44:41, 08:44:43, 
08:44:45, 08:44:45, 08:44:45, 08:44:47, 08:44:47, 08:44:48, 08:44:54, 08:44:55, 08:44:56, 08:44:57, 08:44:58, 
08:44:58, 08:44:59, 08:45:00, 08:45:00, 08:45:01, 08:45:01, 08:45:01, 08:45:02, 08:45:03, 08:45:04, 08:45:05, 
08:45:05, 08:45:06, 08:45:07, 08:45:08, 08:45:08, 08:45:09, 08:45:09, 08:45:10, 08:45:11, 08:45:12, 08:45:12, NOT FOUND

Checking for HTTP-Loadbalancing [Diff]: FOUND
< X-FB-Debug: 8xBgmXzvJ352lqVLYzCI9dd8/VnVDB6uF8TmRYcRZglKbldcvqoIThijavdk+8FVW3uwjieu5U+QY71wyRqy5g==
> X-FB-Debug: GhBpfAttwVxgYGZxnfObInwB+FglNUT1ddBbRSFjlxJmUpmT7pDV7FfQC4B0upZx+h4XBBdnMK7Xg62/CF3s7g==

www.facebook.com does Load-balancing. Found via Methods: HTTP[Diff]

That's all for this post in next we will learn more about information gathering techniques. Subscribe the blog via mail or RSS.

Article last updated: November 6, 2023

Category: hacking

Author

Paresh R Pawar

Why Not to Use Cracked Software?
April 16, 2018
We all use multiple applications every day and those applications became a very important part Read more...
Introduction to Linux
July 26, 2018
You are reading this video then you might have heard about Linux. Linux is a family of open sou Read more...