Scribd
Upload
236 views1 page

Wireshark HTTP Lab.2

This document discusses examining HTTP authentication by accessing a password protected website and observing the network traffic. The username is "wireshark-students" and password is "network". When accessing the site, the browser sends an initial HTTP GET request that receives a 401 status code requiring authentication. On the second request, the browser includes an "Authorization: Basic" header encoding the username and password in Base64 format, rather than encrypting the credentials. Viewing the encoded value at a Base64 decoder shows the original username and password in plain text.

Uploaded by

Miguel Angel Alvarado Ramos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
236 views1 page

Wireshark HTTP Lab.2

This document discusses examining HTTP authentication by accessing a password protected website and observing the network traffic. The username is "wireshark-students" and password is "network". When accessing the site, the browser sends an initial HTTP GET request that receives a 401 status code requiring authentication. On the second request, the browser includes an "Authorization: Basic" header encoding the username and password in Base64 format, rather than encrypting the credentials. Viewing the encoded value at a Base64 decoder shows the original username and password in plain text.

Uploaded by

Miguel Angel Alvarado Ramos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

HTTP Lab.

4 HTTP Authentication
Finally, let’s try visiting a web site that is password-protected and examine the sequence
of HTTP message exchanged for such a site. The URL
http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html is
password protected. The username is “wireshark-students” (without the quotes), and the
password is “network” (again, without the quotes). So let’s access this “secure”
password-protected site. Do the following:
• Make sure your browser’s cache is cleared, as discussed above, and close down
your browser. Then, start up your browser
• Start up the Wireshark packet sniffer
• Enter the following URL into your browser
http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-
file5.html
Type the requested user name and password into the pop up box.
• Stop Wireshark packet capture, and enter “http” in the display-filter-specification
window, so that only captured HTTP messages will be displayed later in the
packet-listing window.

Answer the following questions1:


1. What is the server’s response (status code and phrase) in response to the initial
HTTP GET message from your browser?
2. When your browser’s sends the HTTP GET message for the second time, what
new field is included in the HTTP GET message?

The username (wireshark-students) and password (network) that you entered are encoded
in the string of characters (d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=) following
the “Authorization: Basic” header in the client’s HTTP GET message. While it
may appear that your username and password are encrypted, they are simply encoded in a
format known as Base64 format. The username and password are not encrypted! To see
this, go to http://www.motobit.com/util/base64-decoder-encoder.asp and enter the
base64-encoded string d2lyZXNoYXJrLXN0dWRlbnRz and decode. Voila! You have
translated from Base64 encoding to ASCII encoding, and thus should see your username!
To view the password, enter the remainder of the string Om5ldHdvcms= and press
decode.

**Escribe una conclusion de aprendizaje de cada


experiencia realizada 1-4**
1
If you’re unable to run Wireshark on a live network connection, you can download the zip file
http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces-8.1.zip and extract the trace file http-
wireshark-trace5-1.

You might also like