Skip to content

Latest commit

 

History

History
14 lines (8 loc) · 1.1 KB

ajp-Coyote.md

File metadata and controls

14 lines (8 loc) · 1.1 KB

Coyote

Coyote is a Connector component for Tomcat that supports the HTTP 1.1 protocol as a web server. This allows Catalina, nominally a Java Servlet or JSP container, to also act as a plain web server that serves local files as HTTP documents.

AJP

By default, Apache Tomcat listens on 3 ports, 8005, 8009 and 8080.

Port 8005 is less interesting and only allows shutting down the Tomcat server, while port 8009 hosts the exact same functionality as port 8080. The only difference being that port 8009 communicates with the Apache JServ Protocol(AJP) while port 8080 uses HTTP.

The Apache JServ Protocol (AJP) is essentially an optimized binary version of HTTP. This makes communication with the AJP port rather difficult using conventional tools. The simplest solution is to configure Apache as a local proxy, and use common tools such as Hydra and Metasploit to exploit the Tomcat server over AJP by launching attack against local apache webserver instance.

Useful link http://web.archive.org/web/20200311005332/https://ionize.com.au/exploiting-apache-tomcat-port-8009-using-apache-jserv-protocol/