Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Getting round website authentication with Firefox
From: James Tait <james.tait () wyrddreams org>
Date: Thu, 28 Jul 2005 09:24:22 +0100

account.throw () gmail com wrote:
Using firefox's "save target as" feature, you can get round web
authentication.

Make a password protected directory (with a video file inside) (using
.htaccess and htpasswd), check that it actully requires a login when you
click the link to the video normally, then create a hyperlink to the
file, right click save as - oh snap, it doesn't ask for authentication.

I've only tested it with a video file and Firefox 1.0.6.

Did you restart Firefox after clicking the link the first time?  Firefox
will remember the HTTP Basic Authentication credentials after you've entered
them once.

Did you make sure the "Use Password Manager to remember this password" check
box was cleared?  Firefox *should* still prompt you for auth, but with the
values pre-filled.

Did you clear your cache?  If you've already visited the page, it's possible
that when you click "Save Link As..." Firefox just reads the cached copy.

Are you accessing the protected page through a proxy server?  Again, it's
possible the proxy server is serving up a cached response, or re-issuing
your original request to the origin server.

For what it's worth, I tried to reproduce this and couldn't.

JT
-- 
-------------------------------------+------------------------------------
James Tait, BSc                      |        xmpp:jayteeuk () wyrddreams org
Programmer and Open Source advocate  |          Mobile: +44 (0)7779 337596
-------------------------------------+------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]