Monday, April 2, 2018
Capturing HTTP Basic Authentication credentials with Wireshark
- Layout for this exercise:
- This exercise is based on the previous post Setting up HTTP Basic Authentication.
- With the Wireshark sniffer running, the Kali Linux machine is able to capture all packets crossing its interface eth0:
- When the user on Kali tries to access the web page "/basicauth/index.html", the Apache web server responds with an authentication challenge. Entering the credentials:
username = admin
password = ababa
- As expected the access is successful:
- Setting up a filter that limits packets only to those exchanged between Kali (192.168.1.13) and Ubuntu Apache server (192.168.1.15), we can look into the packets captured by Wireshark.
- Once Kali has sent the correct credentials the server responds with a 200 OK message:
- However, opening the first packet makes it clear that Basic authentication has been used, and the packet also displays the string corresponding to the credentials.
- The credentials have been sent without encryption, but encoded with Base64, and the corresponding string can be copied for further study:
- Now, a Python script can be used to decode the Base64 string and reveal the correct credentials: 'admin:ababa'
- Also, Wireshark captures the HTML text response from the server, corresponding to the web page resource: