[Owasp-testing] Authentication Mechanism

chr1x chr1x at sectester.net
Mon Dec 28 14:51:34 EST 2009


Hi Zaki,

I think that you are referring to how to footprint the authentication
mechanisms used by an application. If this is the one that you are
looking for, I would note that there are two different types of
authentication mechanisms (those are not the only ones), but in this
case I'll mention those two:

   1. Apache based auth ->
      http://httpd.apache.org/docs/2.0/howto/auth.html
   2. Form based auth (traditional user/password login screen)

If you use tools like Acunetix, you will see that there are two
options that you can use in order to get authenticated into the
application: you can record a session which uses the form based auth,
or you can choose the login/password used for Apache based auth. So, I
showed you those two options as a way to detect the type of mechanism
used for an app.

Hope this helps.

[CubilFelino Security Research Lab] http://chr1x.sectester.net
"The computer security is an art form. It's the ultimate martial art."
New Forum at: http://www.sectester.net. Share your knowledge!



Zaki Akhmad wrote:
> Hello,
>
> Any hint if I'd like to know the authentication mechanism? From the
> information gathering activity I did, what I found is:
>
> - Web server type
> - Application program language
> - Database type
>
> --
> Zaki Akhmad
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>


