Hey everyone. I have recently started going through the WebGoat web application security CD, and the latest thing to do was find out the name for the authorization header and what the base64 encoded value was. Now, having logged in as guest/guest, it's no surprise when that's what it decodes to, but my question is: does that mean if an .htaccess file is used for authentication then all you have to do is sniff the HTTP packets and decode the authorization header? That seems too easy, so that's why I'm asking what step(s) am I missing? The authorization header is sent with every HTTP header, so it's not like you would have to sniff it right as the user logged on.
Thanks for the input, it's really appreciated.
Seems there's a simple way to find out, try it on yourself.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
That will definitely happen this weekend. However, with work and school I have been a little swamped lately, hence a forum post asking for any general explanation or a little useful input...
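For the Authorization header asked about in the first post, an added example (not part of the original thread): Basic authentication is base64 encoding, not encryption, so a defender can audit traffic for requests that carry it outside TLS. The function names and the sample requests below are constructed for illustration; only the guest login comes from the post.

```python
import base64
import binascii

# Constructed sample requests (transport scheme, raw request text); not real traffic.
# Z3Vlc3Q6Z3Vlc3Q= is base64 for the guest/guest login mentioned in the question.
SAMPLE_REQUESTS = [
    ("http", "GET /WebGoat/attack HTTP/1.1\r\nHost: localhost\r\n"
             "Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=\r\n\r\n"),
    ("https", "GET /WebGoat/attack HTTP/1.1\r\nHost: localhost\r\n"
              "Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=\r\n\r\n"),
    ("http", "GET /index.html HTTP/1.1\r\nHost: localhost\r\n\r\n"),
    ("http", "GET /admin HTTP/1.1\r\nHost: localhost\r\n"
             "Authorization: Basic !!!not-base64\r\n\r\n"),
]


def parse_basic(header_value):
    """Return (user, password) from an Authorization header value, else None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None  # another scheme (Digest, Bearer, ...) or an empty token
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: not valid base64 or not UTF-8 text
    # Only the first colon separates the fields; a password may contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def audit(requests):
    """List (request line, user) for Basic credentials sent over cleartext HTTP."""
    findings = []
    for scheme, raw in requests:
        lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() != "authorization":
                continue
            creds = parse_basic(value)
            if creds and scheme == "http":
                # Report the account name only; never log the password.
                findings.append((lines[0], creds[0]))
    return findings


if __name__ == "__main__":
    for request_line, user in audit(SAMPLE_REQUESTS):
        print(f"Basic credentials for {user!r} sent without TLS: {request_line}")
```

Any request the audit flags exposes the account to anyone on the network path, which is why Basic authentication should only be offered over HTTPS.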