Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]): > Using the latest apache / ssl. > > I need to find a way of brute forcing the auth but........ the web server > has an ever changing realm. > > Is this possible or shall I look elsewhere ? > > Regards >
I am not sure what do you mean by "ever changing realm", but you can adapt the following perl code to brute force your way in. You need to install Crypt::SSLeay module, dictionary, a loop and ... pretty much it... #!/usr/bin/perl -w use LWP::UserAgent; my $ua = LWP::UserAgent->new; my $req = HTTP::Request->new(POST => 'https://server.domain.com/'); $req->authorization_basic('foo', 'bar'); $res = $ua->request($req); ($res->is_success)? print $res->content, "\n" : print $res->status_line, "\n"; ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
