
Thread: Question about the HTTP authorization header.

  1. #1
    Just burned his ISO
    Join Date
    May 2007
    Posts
    24

    Hey everyone. I have recently started going through the WebGoat web application security CD, and the latest thing to do was find out the name for the authorization header and what the base64 encoded value was. Now, having logged in as guest/guest it's no surprise when that's what it decodes to, but my question is: does that mean if an .htaccess file is used for authentication then all you have to do is sniff the HTTP packets and decode the authorization header? That seems too easy, so that's why I'm asking what step(s) am I missing? The authorization header is sent with every http header, so it's not like you would have to sniff it right as the user logged on.

    Thanks for the input, it's really appreciated.

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Seems there's a simple way to find out, try it on yourself.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Just burned his ISO
    Join Date
    May 2007
    Posts
    24

    That will definitely happen this weekend. However, with work and school I have been a little swamped lately, hence a forum post asking for any general explanation or a little useful input...
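
The mechanism the first post asks about, as an added example that is not part of the original thread: HTTP Basic authentication (RFC 7617) only base64-encodes `user:password`, and the client repeats the header on each request to the protected area, so the credentials are protected only when the connection itself is encrypted. The sketch below audits captured requests for Basic credentials sent outside TLS; the host name, the sample requests and the function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample traffic: (transport, raw request) pairs. "http" means the
# bytes crossed the network in cleartext; "https" means they travelled in TLS.
AUTH = "Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=\r\n"   # base64 of "guest:guest"
HOST = "Host: webgoat.example\r\n"                    # placeholder host name
SAMPLE_REQUESTS = [
    ("http", "GET /lessons HTTP/1.1\r\n" + HOST + AUTH + "\r\n"),
    ("http", "GET /lessons/next HTTP/1.1\r\n" + HOST + AUTH + "\r\n"),
    ("https", "GET /lessons HTTP/1.1\r\n" + HOST + AUTH + "\r\n"),
    ("http", "GET /public HTTP/1.1\r\n" + HOST + "\r\n"),
    ("http", "GET /x HTTP/1.1\r\n" + HOST
             + "Authorization: Basic !!notbase64!!\r\n\r\n"),
]

def basic_credentials(raw_request):
    """Return (user, password) from a Basic Authorization header, else None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None                            # malformed header value
        # RFC 7617: the user-id ends at the first colon; the password may contain more.
        user, sep, password = decoded.partition(":")
        return (user, password) if sep else None
    return None

def cleartext_exposures(records):
    """List (request line, user) for Basic credentials sent outside TLS."""
    findings = []
    for transport, raw in records:
        creds = basic_credentials(raw)
        if creds and transport != "https":
            findings.append((raw.split("\r\n", 1)[0], creds[0]))
    return findings

if __name__ == "__main__":
    for request_line, user in cleartext_exposures(SAMPLE_REQUESTS):
        print(f"Basic credentials for {user!r} sent in cleartext: {request_line}")
```

Both cleartext requests are reported, not only the first, because the header accompanies each request; the same header inside TLS is not flagged.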
