HTTP Auth

[Neebski]

Hey there, I am wondering how I can kinda get around the login from a webpage. It is mostly network statistics from my colo provider but I would like to have a graph and stuff outside of the secure page they give me. Any ideas?

[Neebski]

Nothing?

[tech_support]

No, you can't "get around" a login. It's there for you to login.

[BLiZZaRD]

Actually you can, but it depends a little on what it is you want to do exactly.

From what I gather there is a graph image behind a log in page that you want to copy to show on a page that is not log in enabled. Is that correct?

HTTP Auth is not weak, and you don't really "get around it" BUT, you can tell the loading page to "pretend" to log you in.

let's say the page with the log in is at: http://yoursite.com/login.html and the username is "login" and the password is "please"

If you go to

Code:

http://login:please@yoursite.com/login.html

it will log you in. Sometimes (most times?) it will have a pop up asking if you want to log in and show the passbox already filled in. Just clicking okay will work. (as long as username and password are correct)

Now, armed with this, you can get the code from the page with the graph on it, and use a php include() to pull that page out and display it.

PHP Code:

<?php include "http://login:password@yousite.com/login.html"; ?>

at most a visitor will just have to click "okay" on the pop up that appears, but only once during their session.

[djr33]

True, but that makes any previously gained security now worthless.

[BLiZZaRD]

Yes it does, a double edged sword so to speak.