HTTP Basic Authentication Primer

In this video, Tony Fortunato discusses the simple form of HTTP authentication and shows how to verify an application is using it via Wireshark.

Tony Fortunato

November 30, 2015

1 Min Read
Network Computing logo

One of the things I keep my eyes peeled for are items that involve security implications. Full disclaimer: I am not a security guru nor do I profess to be one, but I do understand some of the more obvious issues.

For example, many of you are probably familiar with the term "clear text." This is when data or credentials are transmitted in a text format. Obviously, this is not a good thing since anyone who happens to intercept sensitive data will be able to easily see it..

Hence, the introduction of encryption so that your data is encoded in such a manner that only authorized applications can read the data. Unfortunately, as many people know, different types of encryption have their weaknesses.

In this video I cover the simplest form of HTTP authentication: HTTP Basic. With this method, your data is encoded with Base64 in transit. Some people even go as far as calling this encryption, but I don’t want to go down that rabbit hole. Suffice to say, we can all agree the data is no longer in clear text.

I show you that with Wireshark and no additional downloads, plugins or scripts, you can see if an application is using HTTP Basic. Wireshark will decode the authorization string, revealing the credentials. The syntax presented is simply username:password.

Please keep in mind that this something specific to Wireshark, so you should take a moment to try your own protocol analyzer to see how it fares.

About the Author(s)

Tony Fortunato

Sr Network Performance Specialist

Tony Fortunato is a network performance expert who has been designing, implementing and troubleshooting networks since 1989. His company, The Technology Firm, provides clients of all sizes with services ranging from project management, network design, consulting, troubleshooting, designing custom-designed training courses, and assisting with equipment installation. Tony's experience in networking started with financial trading floor networks and ISPs, where he learned to integrate and support equipment from various vendors. Tony has taught and presented at numerous colleges and universities, public forums and private classes. He blogs frequently at NetworkDataPediaand has a popular YouTube channel.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights