
Lab 1rr

This document outlines the steps for setting up HTTP Basic Authentication on a Linux machine using Apache. It includes instructions for starting Apache, creating a protected web page, configuring authentication, specifying user credentials, and using Wireshark to capture authentication data. Additionally, it suggests trying Digest Authentication for improved security and provides submission guidelines for the lab report.

Uploaded by

kietnase172572
Lab 1 - HTTP BASIC AUTHENTICATION

Name: Nguyen Anh Kiet


Student ID: SE171527

0. What You Need


A Linux machine; Kali is recommended.

1. Starting Apache
In a Terminal window, execute this command:
service apache2 start
If you see an error saying Apache is not installed, install it using the command below:
sudo apt install apache2
In a Terminal window, execute this command:
ip addr
(Note: ifconfig is deprecated and ip is preferred.)
Find your IP address.
Click Applications, Internet, "Firefox Web Browser" and enter your IP address in the
URL bar. You should see a Web page--if your Apache is newly installed, it will be the Apache
default page.

2. Creating the secret Page


In a Terminal window, execute these commands (you may need sudo to proceed):
mkdir /var/www/html/secret
nano /var/www/html/secret/index.html
In nano, enter the HTML code shown below, replacing YOUR-NAME with your own
name:
<html>
<body>
<h1>HOD401-SP25 Secret Page</h1>
Protected by HTTP Basic Authentication!
<br>Copyright 2025 by YOUR-NAME.
</body>
</html>
Save the file with Ctrl+X, Y, Enter.
In Firefox, append /secret to the IP address to view your page, and provide a screenshot.

Was there any password required to see this page?

3. Configuring Basic Authentication


In a Terminal window, execute this command:
nano /etc/apache2/sites-enabled/001-secret.conf
In nano, enter the code shown below:
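<Directory "/var/www/html/secret">
    # index.py is the index file and .py files run as CGI scripts
    DirectoryIndex index.py
    AddHandler cgi-script .py
    Options Indexes FollowSymLinks MultiViews ExecCGI
    # Prompt for a username and password (HTTP Basic) and check them
    # against the file created with htpasswd in step 4
    AuthType Basic
    AuthName "Private Documentation Repository"
    AuthUserFile /etc/apache2/.htaccess
    Require valid-user
    AllowOverride None
    # Apache 2.2-style access directives (handled by mod_access_compat on Apache 2.4)
    Order allow,deny
    allow from all
</Directory>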
Save the file with Ctrl+X, Y, Enter.

4. Specifying Username and Password


In a Terminal window, execute this command, replacing "YOUR-NAME" with your own
name. When you are prompted for a password, enter your password twice.
htpasswd -c /etc/apache2/.htaccess YOUR-NAME


5. Restart Apache

In a Terminal window, execute this command:
service apache2 restart

6. Starting Wireshark

In a Terminal window, execute this command:
wireshark
In Wireshark, double-click "any", as shown below. Click Start.

7. Authenticating

In Firefox, refresh the page with your IP address followed by /secret
An "Authentication Required" box pops up. Log in with yourname and the
password yourname25
In Wireshark, click Stop.
In the Info column, find the packet labelled "GET /secret/ HTTP/1.1".
In the top pane of Wireshark, click "GET /secret/ HTTP/1.1".
In the middle pane, expand the "Hypertext Transfer Protocol" section.
Scroll down and expand the Authorization section.
The credentials are shown in cleartext, showing your name and your password.
Capture and paste the screenshot here.

8. Authentication type:

Try another authentication type which is more secure than Basic.

Can you see the password as plaintext as before? Show the result.

Use Digest authentication (it follows the same authentication process as Basic Authentication,
but adds a nonce value and the MD5 algorithm for encoding, which strengthens security when
authenticating the user's identity).
Unlike Basic Authentication, Digest Authentication does not send the username and
password as plain text or Base64-encoded.

Instead, you will see the credentials hashed like this

9. Submission: name this file as "YourName_StudentID_Lab1" in docx / PDF format.
