Sometimes when testing a web application you want to have total control of what you are sending to the web server. However, sometimes that web application is behind an authenticating proxy. This setup is pretty common in large enterprises.
Authentication is basically accomplished with an HTTP header called "Proxy-Authorization". The header's value is typically a username/password pair that is Base64 encoded.
Suppose your username is "Thomas" and your password is "crown". To form the header's value you would concatenate the username, a colon, and the password in one big string. This would turn out as:
Thomas:crown
You would then Base64 encode this value:
VGhvbWFzOmNyb3du
The final header that you would type in a netcat or telnet session would be:
Proxy-Authorization: Basic VGhvbWFzOmNyb3du
A full example of this in use:
telnet proxy.example.com 80
CONNECT somewebsite.example.com:80 HTTP/1.1
Proxy-Authorization: Basic VGhvbWFzOmNyb3du
GET / HTTP/1.1
Also don't forget to watch the carriage returns. The RFC concerning Proxy-Authorization can be found here: http://www.freesoft.org/CIE/RFC/2068/195.htm
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment