Monday, April 2, 2018

Capturing HTTP Basic Authentication credentials with Wireshark


- Layout for this exercise:

- This exercise is based on the previous post Setting up HTTP Basic Authentication.

- Launching the sniffer Wireshark on the Kali Linux machine, it is possible to capture all packets crossing its interface eth0:

- When the user from Kali tries to access the web page "/basicauth/index.html", the Apache web server responds with a challenge requiring authentication. Introducing the credentials:

username = admin
password = ababa

- As expected, the access is successful:

- Setting up a filter that limits the capture to the packets exchanged between Kali ( and the Ubuntu Apache server (, we can look into the packets captured by Wireshark.

- Once Kali has sent the correct credentials the server responds with a 200 OK message:

- However, opening the first packet, it is clear that Basic authentication has been used; the packet also displays the string corresponding to the credentials.

- The credentials have been sent without encryption, only encoded with Base64, and the corresponding string can be copied for further study:

- Now, a Python script can be used to decode the Base64 string and reveal the correct credentials: 'admin:ababa'
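As an added example (not the script used in the original post), the following Python parses a captured plaintext HTTP request for the Basic Authorization header, decodes it the way the post describes, and produces an audit finding that names the exposed account without recording the password. The request text, host name and user agent are constructed for the example.

```python
import base64
import binascii
import re

# Constructed sample of a captured request, modelled on the exchange in the post:
# the client asks for /basicauth/index.html and sends "admin:ababa" Base64-encoded.
CAPTURED_REQUEST = (
    "GET /basicauth/index.html HTTP/1.1\r\n"
    "Host: apache.example.test\r\n"          # hypothetical host name
    "User-Agent: Mozilla/5.0\r\n"
    "Authorization: Basic YWRtaW46YWJhYmE=\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)

# Matches one "Authorization: Basic <token>" header line (CRLF line endings tolerated).
AUTH_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$",
                     re.IGNORECASE | re.MULTILINE)


def extract_basic_credentials(raw_request: str):
    """Return (username, password) from a Basic Authorization header, or None."""
    match = AUTH_RE.search(raw_request)
    if not match:
        return None
    try:
        decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None                      # malformed token: not usable credentials
    # RFC 7617 form is user-id ":" password; the password itself may contain ':'.
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def find_cleartext_basic_auth(raw_requests):
    """Audit captured plaintext HTTP requests; report the user and request line only."""
    findings = []
    for req in raw_requests:
        creds = extract_basic_credentials(req)
        if creds is None:
            continue
        request_line = req.split("\r\n", 1)[0]
        findings.append({"user": creds[0], "request": request_line})
    return findings


if __name__ == "__main__":
    print(extract_basic_credentials(CAPTURED_REQUEST))   # ('admin', 'ababa')
    print(find_cleartext_basic_auth([CAPTURED_REQUEST]))
```

Running the audit over an export of captured HTTP requests gives a list of accounts whose credentials crossed the network readable to anyone on the path, which is the finding that justifies moving Basic authentication behind TLS.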

- Also, Wireshark captures the HTML text response from the server, corresponding to the web page resource: