HTTP Basic Authentication Review with Wireshark
Basic HTTP Authentication Review
check out the LMTV show i did covering the article
• LMTV WTF | HTTP Basic Authentication ...
One of the things I keep my eyes peeled for are items that involve security implications.
Full disclaimer, I am not a security guru, nor do I profess to be one but I do understand some of the more obvious issues.
For example many of you are probably familiar with the term ‘clear text’. This is when you data or credentials are transmitted in a text format. Obviously this is not a good thing since anyone who happens to intercept this data will be able to easily see your data or credentials.
Hence the introduction of encryption when your data is encoded in such a manner that only authorized applications can read the data. Unfortunately as many people know, different types of encryption have their weaknesses.
In this video I cover the most simplest of http authentication; HTTP Basic. With this method, your data is encoded with Base64 in transit. Some people even go as far as stating this is encrypted, but I don’t want to go down that rabbit hole. Suffice to say that we can all agree the data is no longer in clear text.
I show you that with Wireshark, and no additional downloads, plugins or scripts, Wireshark will decode the Authorization string, revealing the credentials. The syntax presente3d is simply username:password.
Please keep in mind that this something specific to Wireshark, so you should take a moment to try your own protocol analyzer to see how it fairs.
Watch video HTTP Basic Authentication Review with Wireshark online, duration hours minute second in high quality that is uploaded to the channel The Technology Firm 19 November 2015. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 25,322 times and liked it 75 visitors.
