HTTP Basic Authentication Review with Wireshark
Basic HTTP Authentication Review
check out the LMTV show i did covering the article
• LMTV WTF | HTTP Basic Authentication ...
One of the things I keep my eyes peeled for are items that involve security implications.
Full disclaimer, I am not a security guru, nor do I profess to be one but I do understand some of the more obvious issues.
For example many of you are probably familiar with the term ‘clear text’. This is when you data or credentials are transmitted in a text format. Obviously this is not a good thing since anyone who happens to intercept this data will be able to easily see your data or credentials.
Hence the introduction of encryption when your data is encoded in such a manner that only authorized applications can read the data. Unfortunately as many people know, different types of encryption have their weaknesses.
In this video I cover the most simplest of http authentication; HTTP Basic. With this method, your data is encoded with Base64 in transit. Some people even go as far as stating this is encrypted, but I don’t want to go down that rabbit hole. Suffice to say that we can all agree the data is no longer in clear text.
I show you that with Wireshark, and no additional downloads, plugins or scripts, Wireshark will decode the Authorization string, revealing the credentials. The syntax presente3d is simply username:password.
Please keep in mind that this something specific to Wireshark, so you should take a moment to try your own protocol analyzer to see how it fairs.
Смотрите видео HTTP Basic Authentication Review with Wireshark онлайн, длительностью часов минут секунд в хорошем качестве, которое загружено на канал The Technology Firm 19 Ноябрь 2015. Делитесь ссылкой на видео в социальных сетях, чтобы ваши подписчики и друзья так же посмотрели это видео. Данный видеоклип посмотрели 25,322 раз и оно понравилось 75 посетителям.
