Board index   FAQ   Search  
Register  Login
Board index PHP PHP General

logging in Apache login window

General discussions related to php

Moderators: macek, egami, gesf

logging in Apache login window

Postby franlaw » Sun Aug 31, 2003 2:01 am

Dear gurus,

I am taking a security subject and have an assignment to write a program to attack a specified web site by brute force. The password of the site is made up of 3 letters.

Since I learn a bit PHP from other subjects in the course, I decided to use PHP to do this assignment.

My problem is how I can make a php program to fill in the login window (from Apache) like a human?

I assure this is a real uni assignment. Definitely not a hacker.

All advises are appreciated.

Regards,
Francis
franlaw
New php-forum User
New php-forum User
 
Posts: 3
Joined: Sun Aug 31, 2003 1:57 am

Re: logging in Apache login window

Postby swirlee » Sun Aug 31, 2003 11:02 am

franlaw wrote:My problem is how I can make a php program to fill in the login window (from Apache) like a human?


Basically what you'll have to do is use PHP sockets to open a connection to the server and request the page. The server will then send back headers with a challenge, at which point you'll have to send back the username and password. This is not easy, and I won't explain how to do it. Instead, I'll refer you to the spec:

HTTP/1.0 -- 11. Access Authentication

Believe me, it's a charming read. You're going to learn way more about HTTP headers than you ever wanted to. Below are some PHP classes which may help you in dealing with the HTTP angle:

PHPClasses.org search for "HTTP"

You'll have to register to download any of them, but it's worth it. Good luck.
User avatar
swirlee
Moderator
Moderator
 
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back

Postby franlaw » Thu Sep 04, 2003 5:27 pm

Dear swirlee,

Thank you for your advise and the reference!

I have read the reference. It is very good, but a little bit hard for me to digest. However, I have a much better understanding on the things happening between the server and the client. I will keep explore more on this topic.

Unfortunately, my assignment come very close. I would like to seek your advise again.

As you mentioned, a connection need to be established between the server and client. Then, to request the page so as to trigger the authentication process from the server. But, I still have the following questions:-

1) What php commands I can use to establish the connection and request the page?

2) How can I detect the authentication challenge is received from server? Would it be some system global variable?

3) I believe the php command "header()" can be used to response to the challenge. Is this correct?

4) Where can I find information on the message format of response to challenge? All reference I found shows how to trigger the authentication process from the server.

Thank you in advance.

Regards,
Francis
franlaw
New php-forum User
New php-forum User
 
Posts: 3
Joined: Sun Aug 31, 2003 1:57 am

Postby swirlee » Thu Sep 04, 2003 7:41 pm

franlaw wrote:1) What php commands I can use to establish the connection and request the page?


Use PHP's Sockets functions.

franlaw wrote:2) How can I detect the authentication challenge is received from server? Would it be some system global variable?

3) I believe the php command "header()" can be used to response to the challenge. Is this correct?


Just use the socket functions and do it all in raw mode. All you're doing is sending text to and recieving text from the server. You don't need anything other than sockets. Or one of the prefab classes I mentioned.

franlaw wrote:4) Where can I find information on the message format of response to challenge? All reference I found shows how to trigger the authentication process from the server.


In order to answer this part of the question, I'd just end up going to Google and searching. I suggest that you cut out the middleman and take this step yourself.
User avatar
swirlee
Moderator
Moderator
 
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back

Postby franlaw » Fri Sep 05, 2003 1:42 pm

Dear all,

I have been trying fsockopen and keep getting the following warning:

Warning: fsockopen() [function.fsockopen]: unable to connect to http://www.site.com:80 in /home/frlaw/fsockopen.php on line 7

The statement I used is as follows:

$fp = fsockopen($url, $port, $errno, $errstr);

I am expecting error code and message will be captured in $errno and $errstr so that I can check and send the username/password for authentication. Is there anything wrong?

I have been struck in the problem for the whole night. I have been reading php manual, php sites, etc. All advices are appreciated!

Regards,
Francis
franlaw
New php-forum User
New php-forum User
 
Posts: 3
Joined: Sun Aug 31, 2003 1:57 am

Postby Redcircle » Fri Sep 05, 2003 4:12 pm

one thing you may want make a note of is that if the site you are trying to connect to has any redirects it will probably fail.
User avatar
Redcircle
Moderator
Moderator
 
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA


Return to PHP General

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.