EvilZone
Hacking and Security => Beginner's Corner => : theotheo36 September 21, 2015, 10:15:51 PM
-
I was wondering what the best way is to hack HTTP auth. Most tutorials show you how to use a dictionary attack or brute force. I don't want to use either of those and was wondering if there are any vulnerabilities in HTTP auth that would help me?
-
I was wondering what the best way is to hack HTTP auth. Most tutorials show you how to use a dictionary attack or brute force. I don't want to use either of those and was wondering if there are any vulnerabilities in HTTP auth that would help me?
Have you done any research on this yet?
-
@blindfuzzy I have and all the things I have found are brute force/dictionary attack.
-
@blindfuzzy I have and all the things I have found are brute force/dictionary attack.
You might want to learn about fuzzers, this introduces a whole lot more to learn ,thats a good thing.
-
there are no vulnerablities in HTTP auth bcause it requests a client-based (browser) connection to the server.
all you can do is to try a bruteforce attack (mostly easy bcause you have infinite trials; hydra in combination with rockyou.txt may help) or fetch the header of a logged in user (username and password is base64 encoded).
-
I don't think you made a good effort to search about it. The answer exist in our forum itself. I made a comment with a possible bypass of HTTP basic auth. Have a look:
https://evilzone.org/hacking-and-security/http-1-1-basic-authentication-bypass-possible/msg105223/#msg105223 (https://evilzone.org/hacking-and-security/http-1-1-basic-authentication-bypass-possible/msg105223/#msg105223)
This is one of the way though not always working but depends on how it is configured.
There is no best way except your brains and no specific method, it very on every web application.
Cheeerrzzz!!