Lab-Project 1: HTTP Basic Authentication

HOD401-IA1705-SS

What You Need


A Linux machine, such as Kali.

Starting Apache
In a Terminal window, execute this command:
service apache2 start
If you see an error saying Apache is not installed, follow the instructions on your screen to install it.
In a Terminal window, execute this command:
ip addr
(Note: ifconfig is deprecated and ip is preferred.)
Find your IP address.
Click Applications, Internet, "Firefox Web Browser" and enter your IP address in the URL bar. You should see a Web page; if your Apache is newly installed, it will be an Apache default page.

Making the secret Page
In a Terminal window, execute these commands:
mkdir /var/www/html/secret
nano /var/www/html/secret/index.html
In nano, enter the HTML code shown below, replacing YOUR-NAME with your own name:
<html>
<body>
<h1>YOUR-NAME Secret Page</h1>
Protected by HTTP Basic Authentication!
</body>
</html>
Save the file with Ctrl+X, Y, Enter.
In Firefox, append /secret to the IP address to view your page, as shown below:

There was no password required to see this page.


Configuring Basic Authentication
In a Terminal window, execute this command:
nano /etc/apache2/sites-enabled/001-secret.conf
In nano, enter the code shown below:
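<Directory "/var/www/html/secret">
    DirectoryIndex index.py
    AddHandler cgi-script .py
    Options Indexes FollowSymLinks MultiViews ExecCGI
    # Require HTTP Basic authentication for everything under /secret
    AuthType Basic
    AuthName "Private Documentation Repository"
    # Password file, created with htpasswd in the next step
    AuthUserFile /etc/apache2/.htaccess
    Require valid-user
    AllowOverride None
    # Apache 2.2-style access rules (handled by mod_access_compat on Apache 2.4)
    Order allow,deny
    allow from all
</Directory>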
Save the file with Ctrl+X, Y, Enter.

Specifying Username and Password
In a Terminal window, execute this command, replacing YOUR-NAME with your own name. When you are prompted for a password, enter secretpassword twice.
htpasswd -c /etc/apache2/.htaccess YOUR-NAME

Restart Apache
In a Terminal window, execute this command:
service apache2 restart

Troubleshooting
If Apache won't start, and you see an error message, execute this command to get more
information about the problem:
tail /var/log/syslog

Starting Wireshark
In a Terminal window, execute this command:
wireshark
A box pops up saying "Lua: Error during loading". Press Enter.
In Wireshark, double-click the "any" interface, as shown below.

Click Start.

Authenticating
In Firefox, refresh the page with your IP address followed by /secret
An "Authentication Required" box pops up, as shown below. Log in with your name and the
password secretpassword

In Wireshark, click Capture, Stop.


In the top section of the Wireshark window, in the Filter bar, erase the text there and type in this filter:
frame contains Basic
Press Enter.
Two packets are visible, as shown below.
In the Info column, the first one is labelled "HTTP/1.1 401 Authorization Required", and the second one is labelled "GET /secret/ HTTP/1.1", as shown below.

In the top pane of Wireshark, click "GET /secret/ HTTP/1.1".


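In the middle pane, expand the "Hypertext Transfer Protocol" section.
Scroll down and expand the Authorization section.
The credentials are shown in cleartext, with your name and the secret password visible, as shown below. Basic authentication only Base64-encodes the username and password in the Authorization header; it does not encrypt them, so anyone who can capture the traffic can read them.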

Saving the Screen Image
Make sure YOUR-NAME and secretpassword are visible, as shown above.
Click the host computer's desktop. Press the PrntScrn key to capture the entire desktop.
YOU MUST SUBMIT A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
Save this image as a PNG file, named "Lab-Project 1 from YOUR NAME".

Turning in Your Lab-Project
Email the image to [email protected] with a subject of "Lab-Project 1 from YOUR NAME"
