<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d11356004\x26blogName\x3dxception\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttp://openrent.blogspot.com/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://openrent.blogspot.com/\x26vt\x3d-2179510228592399674', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>

Sniffing a browser authentication

A 401 response message is used by an web server to challenge the authorization of a user agent connecting anonymously. After receiving a 401 response, a browser will include an Authorization header field with the next request. The Authorization field contains credentials with the authentication information of the user agent for the resource being requested.

I used Wireshark to sniff this request-response stream on an Apache web server (asking for a virtual host called "/manual" protected by Basic authentication), and it looks like this:











ClientServer
SYN
SYN,ACK
ACK
HTTP Request(GET /manual)
ACK
HTTP 401 Authorization Required response to browser including WWW-Authenticate: Basic header
FIN,ACK
ACK
FIN,ACK
ACK

(Repeat TCP sequence again, but browser sends proper credentials this time, and gets a 304 Not Modified response)