Monday, April 2, 2018

Calculating HTTP Digest Authentication parameters with Wireshark and Python


- Layout for this exercise:

- This exercise is based on the previous post Setting up HTTP Digest Authentication.

- HTTP Digest Authentication (DA) applies a hash function to the username and password before sending the credentials over the network.

- DA was originally specified by RFC 2069, which was later replaced by the more secure RFC 2617. For instance, the newer standard protects against chosen-plaintext cryptanalysis.

- The process consists of 3 steps:

1) H1 = MD5(username:realm:password)
2) H2 = MD5(method:URI)
3) response = MD5(H1:Nonce:NonceCount:ClientNonce:qop:H2)

- Nonce is randomly generated by the server and, because it embeds a timestamp, helps prevent replay attacks; NonceCount prevents reuse of nonces (the value increments each time a new request is made); ClientNonce is created by the client and defeats precomputed (rainbow table) attacks against the hash; and qop ("auth" for authentication only) is the quality of protection.

- Since client and server share the same information, both parties perform their own calculation of the "response".

- Once the server receives the "response" from the client, it compares it with its own calculation. Only if the two values match does the server grant access to the resource.

- The goal of this exercise is to illustrate how HTTP DA (RFC 2617) calculates the "response" by applying the MD5 algorithm repeatedly.

- First of all, let's launch the sniffer Wireshark at the Kali machine, filtering packets for just the HTTP protocol:

- The client Kali tries to access the web resource and the server responds with an authentication requirement:

- Once the client enters the correct credentials, the server allows access to the web page:

- Now, let's examine the packets captured by Wireshark, limiting to those exchanged by the client ( and the server (

- The third packet corresponds to the client sending the correct credentials, since the next one (the fourth) is the 200 OK success response from the server:

- Opening the third packet, all the parameters used in the DA transaction are displayed:

- Copying the parameters to a text file for further study:

- Now, all parameters are available so that we can reproduce the calculations performed by server and client:

- Using a Python script with the previous parameters:

- The "response" is finally calculated:

- We can check that our "response" is equal to the "response" calculated by server and client in the previous example:
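The three MD5 steps above, written out as a small Python script that reproduces the "response" the way both client and server do (qop=auth). This is an added example, not the script from the original post; because the parameters copied from the Wireshark capture are not reproduced here, it uses the well-known test vector from RFC 2617 section 3.5 instead, and you can substitute the values from your own Authorization header.

```python
import hashlib
import hmac
from dataclasses import dataclass


def md5_hex(data: str) -> str:
    """MD5 of a string, as the lowercase hex used in Digest headers."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


@dataclass
class DigestParams:
    """Values taken from the WWW-Authenticate / Authorization headers."""
    username: str
    realm: str
    method: str
    uri: str
    nonce: str
    nc: str          # nonce count, kept as the 8 hex digits sent on the wire
    cnonce: str
    qop: str = "auth"


def ha1(p: DigestParams, password: str) -> str:
    # Step 1: H1 = MD5(username:realm:password)
    return md5_hex(f"{p.username}:{p.realm}:{password}")


def ha2(p: DigestParams) -> str:
    # Step 2: H2 = MD5(method:URI); with qop=auth the body is not hashed
    return md5_hex(f"{p.method}:{p.uri}")


def digest_response(p: DigestParams, password: str) -> str:
    # Step 3: response = MD5(H1:Nonce:NonceCount:ClientNonce:qop:H2)
    return md5_hex(f"{ha1(p, password)}:{p.nonce}:{p.nc}:{p.cnonce}:{p.qop}:{ha2(p)}")


def verify_response(p: DigestParams, password: str, observed: str) -> bool:
    """Server-side check: recompute and compare without leaking timing."""
    return hmac.compare_digest(digest_response(p, password), observed.lower())


# Test vector from RFC 2617 section 3.5 (not the capture from this post).
RFC2617_EXAMPLE = DigestParams(
    username="Mufasa", realm="testrealm@host.com", method="GET",
    uri="/dir/index.html", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    nc="00000001", cnonce="0a4f113b", qop="auth")
RFC2617_PASSWORD = "Circle Of Life"
RFC2617_RESPONSE = "6629fae49393a05397450978507c4ef1"

if __name__ == "__main__":
    print("H1       =", ha1(RFC2617_EXAMPLE, RFC2617_PASSWORD))
    print("H2       =", ha2(RFC2617_EXAMPLE))
    print("response =", digest_response(RFC2617_EXAMPLE, RFC2617_PASSWORD))
    print("matches  :", verify_response(RFC2617_EXAMPLE, RFC2617_PASSWORD, RFC2617_RESPONSE))
```

A common mistake when reproducing a capture is to convert nc to an integer; it must be hashed exactly as the 8-digit hex string that appears in the header.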