Scribd
Upload
3 views

Lab 1

This document outlines the steps for setting up HTTP Basic Authentication on an Apache server using a Linux machine, specifically Kali. It includes instructions for starting Apache, creating a secret page, configuring authentication, specifying a username and password, and using Wireshark to capture authentication data. Additionally, it prompts users to explore more secure authentication methods and submit their work in a specified format.

Uploaded by

truclxhse171991
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
3 views

Lab 1

This document outlines the steps for setting up HTTP Basic Authentication on an Apache server using a Linux machine, specifically Kali. It includes instructions for starting Apache, creating a secret page, configuring authentication, specifying a username and password, and using Wireshark to capture authentication data. Additionally, it prompts users to explore more secure authentication methods and submit their work in a specified format.

Uploaded by

truclxhse171991
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Lab 1 - HTTP BASIC AUTHENTICATION

Name: (required)
Student ID: (required)

0. What You Need


A Linux machine, recommended Kali.

1. Starting Apache
In a Terminal window, execute this command:
service apache2 start
If you see an error saying Apache is not installed, install it using below command:
sudo apt install apache2
In a Terminal window, execute this command:
ip addr
(Note: ifconfig is deprecated and ip is preferred.)
Find your IP address.
Click Applications, Internet, "Firefox Web Browser" and enter your IP address in the
URL. You should see a Web page--if your Apache is newly installed, it will be an Apache
default page.

2. Creating the secret Page


In a Terminal window, execute these commands, you many need sudo to proceed:
mkdir /var/www/html/secret
nano /var/www/html/secret/index.html
In nano, enter the HTML code shown below, replacing YOUR-NAME with your own
name:
<html>
<body>
<h1>HOD401-SP25 Secret Page</h1>
Protected by HTTP Basic Authentication!
<br>Copyright 2025 by YOUR-NAME.
</body>
</html>
Save the file with Ctrl+X, Y, Enter.
In Firefox, append /secret to the IP address to view your page, provide screenshot.

Was there any password required to see this page?

3. Configuring Basic Authentication


In a Terminal window, execute this command:
nano /etc/apache2/sites-enabled/001-secret.conf
In nano, enter the code shown below:
<Directory "/var/www/html/secret">
DirectoryIndex index.py
AddHandler cgi-script .py
Options Indexes FollowSymLinks MultiViews ExecCGI
AuthType Basic
AuthName "Private Documentation Repository"
AuthUserFile /etc/apache2/.htaccess
Require valid-user
AllowOverride None
Order allow,deny
allow from all
</Directory>
Save the file with Ctrl+X, Y, Enter.

4. Specifying Username and Password


In a Terminal window, execute this command replacing "YOUR-NAME” with your own
name. When you are prompted for a password, enter yourpassword twice.
htpasswd -c /etc/apache2/.htaccess YOUR-NAME
5. Restart Apache
In a Terminal window, execute this command: service apache2 restart
6. Starting Wireshark
In a Terminal window, execute this command:
wireshark
In Wireshark, double-click any, as shown below. Click Start.
7. Authenticating
In Firefox, refresh the page with your IP address followed by /secret
An "Authentication Required" box pops up. Log in with yourname and the
password yourname25
In Wireshark, click Stop.
In the Info column, find the one is labelled "GET /secret/ HTTP/1.1"
In the top pane of Wireshark, click "GET /secret/ HTTP/1.1".
In the middle pane, expand the "Hypertext Tranfer Protocol" section.
Scroll down and expand the Authorization section.
The credentials are shown in cleartext, showing your name and your password.
Capture and paste the screenshot here.

8. Authentication type:

Try another authentication type which is more secure than Basic.

Can you see the password as plaintext as before? Show the result.

9. Submission: name this file as "YourName_StudentID_Lab1" in docx / PDF format.

You might also like