tags:

views:

29

answers:

2
Q: 

How to access url that requires http authenticate in c/c++/command line? 

http://admin:[email protected]/videostream.cgi

To access a url that doesn't require http authenticate it's quite easy:

telnet 192.168.1.178 80
Get /videostream.cgi HTTP/1.1
Accept: text/html;text/plain

User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.13) Gecko/20100914 Firefox/3.5.13
Connection: close

But how to specify admin:123456?

+1  A: 

See the RFC or This Wikipedia article.

It can be educational to use Wireshark, or some other LAN sniffer, to watch what a browser and server do when you access a URL with embedded credentials such as your http://admin:[email protected]/videostream.cgi

RedGrittyBrick  2010-10-28 13:15:33
Is it possible to save the video stream into a file by command line?
ollydbg  2010-10-28 13:30:43
As Wyatt Anderson says, there are tools like curl that are useful for this sort of thing. I mostly use `wget` which is similar to `curl`. For example `wget http://admin:[email protected]/videostream.cgi` or `wget --http-user admin --http-password 123456 http://192.168.1.178/videostream.cgi`.
RedGrittyBrick  2010-10-28 15:25:23
A: 

For basic authentication, you specify the username and password as username:password, then Base64-encode it and use it as an argument to the Authentication header:

Authorization: Basic YXNkZjoxMjM0

YXNkZjoxMjM0 decodes to asdf:1234; I used curl -u adsf:1234 (specifying the username "asdf" and password "1234") to produce this result.

Wyatt Anderson  2010-10-28 13:18:01
Is it possible to save the video stream into a file by command line?
ollydbg  2010-10-28 13:30:50
You might try just using `curl`: `curl -O -u USERNAME:PASSWORD url` would save the output to a file. Check out the manpage for `curl` for the complete list of options.
Wyatt Anderson  2010-10-28 13:37:37
No curl,only telnet is allowed.BTW,I tried to use curl to deal with stream before,but seems not working,it can only deal with simple resources but not continuous streams.
ollydbg  2010-10-28 13:41:22
Hmm. Tricky. So you can *only* use `telnet` to do this? Are you on Linux or Windows? You could try redirecting the output of `telnet` to a file. It looks like [this guy](http://www.commandlinefu.com/commands/view/4412/use-curl-to-save-an-mp3-stream) has some advice for saving MP3 streams with `curl`... but if you're really only restricted to using `telnet` you might have a harder time.
Wyatt Anderson  2010-10-28 15:27:37
From a firewall point of view, using curl (or wget) is indistinguishable from using telnet to port 80. I would use Wireshark to see how the service at your URL is streaming data. Perhaps it serves up HTML with some embedded links to other object URLs that do the streaming?
RedGrittyBrick  2010-10-28 15:32:46

related questions

Basic HTTP Authentication on iPhone
Can I coerce Apache into not including a WWW-Authenticate header for failed HTTP Basic Auth?
How do I keep Firefox from prompting for username/password with HTTP Basic Auth with JQuery AJAX?
Apache .htaccess password protect with relative path
HTTP Authentication Headers for IIS windows authentication
How can an Ajax callback realize that a user's authenticated session has timed out?
IIS as reverse proxy
Designing a web api: How to authenticate?
Authenticating to Google Search Appliance using Basic HTTP auth and ASP.NET (VB)
How do I secure authentication but not the payload?
HTTP Digest Authentication versus SSL
What should we implement to authorize clients to use our web service?
Handling http authenticated urls from elisp
Flex 3 - how to support HTTP Authentication URLRequest?
HTTP Basic Authentication with HTTPService Objects in Adobe Flex/AIR
How does wininet handle cookies
IIS7 and Authentication problems
Apache/.htaccess - password-protecting a domain but whitelisting certain URIs within it
Why is the http auth UI so poor in browsers?
WCF WebHttp Mixed Authentication (Basic AND Anonymous)
HTTP Authentication (Basic or Digest) in ASP Classic via IIS
Can I use HTTP Basic Authentication with Django?
Kerberos and T125 protocol
How can I supress the browser's authentication dialog?
GreaseMonkey script to auto login using HTTP authentication