HTTP
HTTP GET
HTTP Digest auth
--anyauth
# Server-side
auth_required
HTTP/1.1 401 Authorization Required swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
WWW-Authenticate: Digest realm="gimme all yer s3cr3ts", nonce="11223344"
Content-Type: text/html; charset=iso-8859-1
Connection: close
This is not the real page
# The second URL will get this response
HTTP/1.1 401 Authorization Required swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
WWW-Authenticate: Digest realm="gimme all yer s3cr3ts", nonce="11223344"
Content-Type: text/html; charset=iso-8859-1
Connection: close
This is not the real page
# This is supposed to be returned when the server gets a
# Authorization: Digest line passed-in from the client
HTTP/1.1 200 OK swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
Content-Type: text/html; charset=iso-8859-1
Content-Length: 23
Connection: close
This IS the real page!
# This is the second request
HTTP/1.1 200 OK swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
Content-Type: text/html; charset=iso-8859-1
Content-Length: 23
Connection: close
This IS the second real page!
HTTP/1.1 401 Authorization Required swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
WWW-Authenticate: Digest realm="gimme all yer s3cr3ts", nonce="11223344"
Content-Type: text/html; charset=iso-8859-1
Connection: close
HTTP/1.1 200 OK swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
Content-Type: text/html; charset=iso-8859-1
Content-Length: 23
Connection: close
This IS the real page!
# Client-side
http
!SSPI
crypto
HTTP GET with --anyauth with two URLs (picking Digest)
http://%HOSTIP:%HTTPPORT/%TESTNUMBER -u testuser:testpass --anyauth http://%HOSTIP:%HTTPPORT/%TESTNUMBER0001
# Verify data after the test has been "shot"
GET /%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
GET /%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Digest username="testuser", realm="gimme all yer s3cr3ts", nonce="11223344", uri="/%TESTNUMBER", response="0390dbe89e31adca0413d11f91f30e7f"
User-Agent: curl/%VERSION
Accept: */*
GET /%TESTNUMBER0001 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
GET /%TESTNUMBER0001 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Authorization: Digest username="testuser", realm="gimme all yer s3cr3ts", nonce="11223344", uri="/%TESTNUMBER0001", response="0085df91870374c8bf4e94415e7fbf8e"
User-Agent: curl/%VERSION
Accept: */*