https://stackoverflow.com/questions/14607213
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianMost likely, you don't see the password because the page is using HTTP basic authentication which encodes the username and password using base64. Look for a string like:
Authorization: SomeRealmName QWxhZGRpbjpvcGVuIHNlc2FtZQ==
how a password is sent in HTTP protocol?
-
06-03-2022 - |
Question
am sorry for this dumb question, but am using RawCap to detect packets sent and received to learn what is sent in HTTP, and the page is a simple application made using Tornado and MongoDB, when i capture packets, i dont find the password in any packet sent.
Why? i dont use any encrypted protocole like HTTPS, it's a simple HTTP and cant see the password.
here is the file: The result
as you can see, Mongodb answers the value of the database, and brings the password as it is saved (PBKDF2), but cant see the one sent from the first time.
Solution
OTHER TIPS
If you're using Basic authentication, then the password is base 64 encoded. ENCODED not encrypted. Look for something like this in your packets: Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
