HTTP Basic Authentication Primer

In this video, Tony Fortunato discusses the simple form of HTTP authentication and shows how to verify an application is using it via Wireshark.

Tony Fortunato

November 30, 2015

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

One of the things I keep my eyes peeled for are items that involve security implications. Full disclaimer: I am not a security guru nor do I profess to be one, but I do understand some of the more obvious issues.

For example, many of you are probably familiar with the term "clear text." This is when data or credentials are transmitted in a text format. Obviously, this is not a good thing since anyone who happens to intercept sensitive data will be able to easily see it..

Hence, the introduction of encryption so that your data is encoded in such a manner that only authorized applications can read the data. Unfortunately, as many people know, different types of encryption have their weaknesses.

In this video I cover the simplest form of HTTP authentication: HTTP Basic. With this method, your data is encoded with Base64 in transit. Some people even go as far as calling this encryption, but I don’t want to go down that rabbit hole. Suffice to say, we can all agree the data is no longer in clear text.

I show you that with Wireshark and no additional downloads, plugins or scripts, you can see if an application is using HTTP Basic. Wireshark will decode the authorization string, revealing the credentials. The syntax presented is simply username:password.

Please keep in mind that this something specific to Wireshark, so you should take a moment to try your own protocol analyzer to see how it fares.

About the Author

Tony Fortunato

Tony Fortunato

Sr Network Performance Specialist

Tony Fortunato is a network performance expert who has been designing, implementing and troubleshooting networks since 1989. His company, The Technology Firm, provides clients of all sizes with services ranging from project management, network design, consulting, troubleshooting, designing custom-designed training courses, and assisting with equipment installation. Tony's experience in networking started with financial trading floor networks and ISPs, where he learned to integrate and support equipment from various vendors. Tony has taught and presented at numerous colleges and universities, public forums and private classes. He blogs frequently at NetworkDataPediaand has a popular YouTube channel.

See more from Tony Fortunato
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Integrating the new APs into Dartmouth’s existing network infrastructure was no small feat. Mist’s AI-driven insights made this easier.
Network Management
How Dartmouth College Leveraged AI To Modernize Its Network in One Weekend
How Dartmouth College Leveraged AI To Modernize Its Network in One Weekend

Sep 12, 2024

Extensive communications outages from Hurricane Helene drive home the need for new approaches to strengthen network resiliency.
Network Resilience
Hurricane Helene Communications Outages Show Need for Greater Network Resilience
Hurricane Helene Outages Show Need for Greater Network Resilience

Oct 3, 2024

Satellite services could bridge the digital divide in remote areas through partnerships like the SoftBank-Intelsat collaboration announced last month.
Network Infrastructure
Intelsat, SoftBank Plan Ubiquitous Satellite Connectivity Network
Intelsat, SoftBank Plan Ubiquitous Satellite Connectivity Network

Oct 9, 2024

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events