Wireshark reveals Basic Web Authentication flaw

Home > Blogs > Cisco > Wireshark reveals Basic Web Authentication flaw

Wireshark reveals Basic Web Authentication flaw

Like This Blog 1 Mark Jacob
Added by September 4, 2015

If you spend much time in a position of responsibility within a company’s network, you will likely have need from time to time to stoop down beside the traffic flow and peer inside. A great tool for this task is Wireshark. I want to share a cool thing which can be done with Wireshark. This is not some new untrodden path, but for the up-and-coming network admins who pass my way, this may be something you haven’t seen before.

For an in-depth instructor-led training on Wireshark, see our 4-day course SHARK300: Advanced Network Analysis and Troubleshooting with Wireshark

I want to demonstrate that seeing something with your own eyes often has a longer-lasting impact on your psyche than just reading about it. I can tell you to look both ways before crossing the street, but get your Smartphone slapped out of your hand by a passing car JUST ONCE will forever ingrain in your brain the wisdom of checking for clearance.

So I want to look upon this with my own eyes (scene: Darth Vader’s helmet being removed) to experience what a lack of attention to authentication strategy can do. I have a web server ready to receive clients. I have a client ready to access this web server. I have a third machine which is just leaning on a shovel. Well, leaning and also monitoring packets (translation: running Wireshark). I have configured a capture filter to include only port 80 traffic, to cut down on the output. To access the capture options, click the icons as shown in figure 1:


Figure 1

When you hover, it will display “Show the capture options.” In the window that appears, go to the box beside the Capture Filter button and type port 80. Then click the Start button down below to begin capturing only your desired packets. This is shown in figure 2.


Figure 2

Now that the capture is occurring, I go to my client machine and attempt to browse the home page of my server machine. I am prompted for credentials – username and password. I enter the requested credentials and am granted access. Flip back to my Wireshark box and stop the capture and examine the output. The output is shown in figure 3:


Figure 3

By selecting Frame 8, which contains the Info string “GET / HTTP/1.1, I spy my Basic Authentication piece of this transaction in the window below. Notice the section entitled Authorization. There is an alphanumeric string on the right. If I go to my handy-dandy online Base64 decoder, I can see something quite interesting.


Figure 4

I used base64decode.org, but there are numerous resources available to decode Base64. It’s that easy. However, if that is too much effort, there is an even faster way to see those credentials in clear text. If you re-examine figure 3, you notice a ‘+’ sign to the left of the string I have highlighted. If you expand that, note the result in figure 5:


Figure 5

There are the credentials in clear text, and I never had to exit Wireshark to see them. This shows clearly that Basic Authentication has serious flaws as a web authenticator. As mentioned, you have probably heard this many times, but to see how easy it is to reveal supposedly confidential information is an eye-opener.

I highly recommend gaining experience using Wireshark and in fact, if you watch our course offerings here at Interface Technical Training, we have a 4-day Wireshark class available SHARK300: Advanced Network Analysis and Troubleshooting with Wireshark

Feel free to post any comments about your own Wireshark coolness….

Mark Jacob
Cisco and CompTIA Network + Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

Agile Methodology in Project Management

0 185 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

An Overview of Office 365 – Administration Portal and Admin Center

0 960 3

This is part 1 of our 5-part Office 365 free training course. In this Office 365 training video, instructor Spike Xavier introduces some of the most popular services found in Microsoft Office 365 including the Admin Portal and Admin Center. For instructor-led Office 365 training classes, see our course schedule: Spike Xavier SharePoint Instructor – … Continue reading An Overview of Office 365 – Administration Portal and Admin Center

Creating Users and Managing Passwords in Microsoft Office 365

0 809 5

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.