HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 23 guests and 1 member online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Programmingarrow HTTP 401 << AnyOne with HTTP ???
Ethical Hacker Community Forums
January 08, 2009, 09:39:40 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2009 - May 4 - 9. Boot Camps & an Ethical Hacking Conf. www.chicagocon.com
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: HTTP 401 << AnyOne with HTTP ???  (Read 2624 times)
0 Members and 1 Guest are viewing this topic.
teamer
Newbie
*
Offline Offline

Posts: 9


View Profile
« on: June 28, 2008, 12:45:23 PM »
hi friends ,i have some problems with the HTTP protocol , scually am not very familiar with HTTP , but i developed a software which has an option of retrieving webpage source code , but some pages are 401 forbidden , i tried to see the data that IE sends to the server when i input a username and password , acually i found that it just sends a normal GET request without any existance of a username or a password !!! can any one help me with this ? my question is how can i send a username and password to a 401 forbidden page Huh , thank you .
Logged
shakuni
Jr. Member
**
Offline Offline

Posts: 78


View Profile
« Reply #1 on: June 28, 2008, 04:19:33 PM »
Quote
my question is how can i send a username and password to a 401 forbidden page
This question should be restated as
How should I send a username and password to a web resource so that I do not get 401.
Actually the language of question shows that you have very superficial understanding of HTTP protocol. So go read rfc 2616 first, especially status codes that are described here- http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html.
Logged
There is no rule, law or tradition that apply universally... including this one.
jimbob
Sr. Member
****
Offline Offline

Posts: 332



View Profile WWW
« Reply #2 on: June 30, 2008, 01:47:29 PM »
Usually what is being asked for it HTTP basic authentication. Your program will need to sent an Authorization: HTTP header, assuming you know the username and password. Take a look at the example on the Wikipedia page.

http://en.wikipedia.org/wiki/Basic_access_authentication

Regards,
Jimbob
Logged
teamer
Newbie
*
Offline Offline

Posts: 9


View Profile
« Reply #3 on: July 04, 2008, 03:08:59 AM »
Quote from: shakuni on June 28, 2008, 04:19:33 PM
How should I send a username and password to a web resource so that I do not get 401.

hahaha thanks shakuni , acually am very bad in english , second how you will know if that web resource would send you a 401 page or a normal 200 page if you didn't send the normal GET headers first !.

but really thank you , and thank you jimbob too , that wiki was very usefull also , they should merge the 2 sources together somehow .

Thanks
Logged
jimbob
Sr. Member
****
Offline Offline

Posts: 332



View Profile WWW
« Reply #4 on: July 04, 2008, 08:56:56 AM »
[quote author=teamer link=topic=2641.msg12197#msg12197
how you will know if that web resource would send you a 401 page or a normal 200 page if you didn't send the normal GET headers first !.
[/quote]
What happens is you send the normal GET request and the web servers sends back a 401 response. In the response headers there is information about the authenication required to access the page. If I access my home ADSL router for example I get offered Basic and Digest authentication for the realm SpeedTouch.

Code:
HTTP/1.x 401 Unauthorized
Content-Length: 139
WWW-Authenticate: Digest realm="SpeedTouch", nonce="0732JT3ED:00-14-7F-F7-06-1F:480233:22601", qop="auth"
WWW-Authenticate: Basic realm="SpeedTouch"

This is how your web browser knows to prompt you for a username and password. When your browser receives the WWW-Authenticate header it prompts you for a username and password which it then sends along with the next request.

Jimbob
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2007, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.052 seconds with 23 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
How many security events including conferences and training do you attend a year:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2009 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.