.htaccess Auth Headers?

[AbydosGater]

Hey Guys, This is probs the wrong place to ask this but it seams to suit the question best.

I have tried using a sniffer but i cant find them,

Does anyone know the headers that are sent to a server for a HTTP Auth (.htaccess login)? As in if i fill in the popup with username and pass and click login.. What headers does the browser send to the server?

 

 

Thanks

[AbydosGater]

Ok, Im replying to this as i dont have a modify button anymore..

I have found a section on the HTTP that says:

      user-pass  = userid ":" password

      userid      = *<TEXT excluding ":">

      password    = *TEXT

 

  Userids might be case sensitive.

 

  If the user agent wishes to send the userid "Aladdin" and password

  "open sesame", it would use the following header field:

 

      Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

 

I found that http://www.ietf.org/rfc/rfc2617.txt <-- Here under [Page 5]..

So if i read that correct.. to login you have to send the header:

 

Authorization: Basic **Encrypted Details Here**

 

And the encrypted details should be user:password..

If i am correct.. what method is used to encrypted the details?

 

Andy

[steviewdr]

This might be a suitable article for you to read:

http://www.sitepoint.com/article/http-authentication-php

 

As for "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" Im not sure. I havnt seen the user name MD5'd for htaccess.

 

The application htpasswd generates password hashes for apache.

 

-steve