Sniffing a browser authentication
A 401 response message is used by an web server to challenge the authorization of a user agent connecting anonymously. After receiving a 401 response, a browser will include an Authorization header field with the next request. The Authorization field contains credentials with the authentication information of the user agent for the resource being requested.
I used Wireshark to sniff this request-response stream on an Apache web server (asking for a virtual host called "/manual" protected by Basic authentication), and it looks like this:
(Repeat TCP sequence again, but browser sends proper credentials this time, and gets a 304 Not Modified response)
I used Wireshark to sniff this request-response stream on an Apache web server (asking for a virtual host called "/manual" protected by Basic authentication), and it looks like this:
| Client | Server |
| SYN | |
| SYN,ACK | |
| ACK | |
| HTTP Request(GET /manual) | |
| ACK | |
| HTTP 401 Authorization Required response to browser including WWW-Authenticate: Basic header | |
| FIN,ACK | |
| ACK | |
| FIN,ACK | |
| ACK |
(Repeat TCP sequence again, but browser sends proper credentials this time, and gets a 304 Not Modified response)
posted on August 06, 2007
| Permalink |
<< Home