Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Getting round website authentication with Firefox

from [James Tait] Network Security [Permanent Link]
Subject: Re: Getting round website authentication with Firefox
Date: Thu, 28 Jul 2005 09:24:22 +0100 
account.throw@gmail.com wrote:

Using firefox's "save target as" feature, you can get round web
authentication.

Make a password protected directory (with a video file inside) (using
.htaccess and htpasswd), check that it actully requires a login when you
click the link to the video normally, then create a hyperlink to the
file, right click save as - oh snap, it doesn't ask for authentication.

I've only tested it with a video file and Firefox 1.0.6.


Did you restart Firefox after clicking the link the first time?  Firefox
will remember the HTTP Basic Authentication credentials after you've entered
them once.

Did you make sure the "Use Password Manager to remember this password" check
box was cleared?  Firefox *should* still prompt you for auth, but with the
values pre-filled.

Did you clear your cache?  If you've already visited the page, it's possible
that when you click "Save Link As..." Firefox just reads the cached copy.

Are you accessing the protected page through a proxy server?  Again, it's
possible the proxy server is serving up a cached response, or re-issuing
your original request to the origin server.

For what it's worth, I tried to reproduce this and couldn't.

JT
-- 
-------------------------------------+------------------------------------
James Tait, BSc                      |        xmpp:jayteeuk@wyrddreams.org
Programmer and Open Source advocate  |          Mobile: +44 (0)7779 337596
-------------------------------------+------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities, at
Next by Date:  Vulnerability in Linksys Router access, Nick Simicich
Previous by Thread:  Re: Getting round website authentication with Firefox, Nate Smith
Next by Thread:  Spyware database lists, Paul Laudanski
Indexes:  [Date] [Thread] [Top] [All Lists]