UtahSysAdmin.com

Testing HTTP/HTTPS through telnet/openssl

I know this is available other places, but I needed one place to keep track of everything:

Basic HTTP (telnet hostname.com 80):

GET / HTTP/1.1
host: hostname.com
- additional carriage return -

HTTPS (openssl s_client -connect hostname.com:443):

GET / HTTP/1.1
host: hostname.com
- additional carriage return -

HTTPS with Basic Authentication (openssl s_client -connect hostname.com:443):

GET / HTTP/1.1
host: hostname.com
Authorization: Basic cGVyyyyblahyyyyrJtYx4h
- additional carriage return -

This is how you would come up with the Base64 Encoded string for basic Authentication:

(This is supposed to work, but it didn’t work for me. I ended up running a sniffer on an unencrypted page that used my credentials (of course, internally) and pulled it out of the headers. If you know what I am doing wrong here, please let me know.)

perl -e 'print "username:", crypt("password","tR"), "\n"'
==> username:tR40ZxFCZTntI
perl -MMIME::Base64 -e'print encode_base64("username:tR40ZxFCZTntI")'
==> dXNlcm5hbWU6dFI0MFp4RkNaVG50SQ==

So technically you should put:

Authorization: Basic dXNlcm5hbWU6dFI0MFp4RkNaVG50SQ==

(Thanks to Brandon Checketts for the openssl replacement of telnet for https connections.)

« Convert man page to a text file

Intermediate or Chain SSL Certs on BigIP 4.5 »

---

Please VOTE for this page at: | | | | | | | | | | | |

---

This entry was posted on Thursday, November 8th, 2007 @ 4:05 pm on the category Technical.You can follow any responses to this entry through the RSS 2.0 You can leave a response, or trackback from your own site.

8 Comments

1. 
   
   Kevin Pendleton says:

   To test pop3/tls (secure pop3):

   openssl s_client -connect mail.hostname.com:995

   Then the usual pop3 commands:

   user user@domainname.com
   pass password
   list
   quit

   Posted December 2, 2007, 6:30 pm
2. 
   
   Kevin Pendleton says:

   And here’s the commands to test imap (the test1-3 words are just tags required for imap):

   test1 login username password
   test2 list “Inbox” “*”
   test3 logout

   Posted January 11, 2008, 3:43 pm
3. 
   
   Mike Meyer says:

   You’re using to much encryption on your basic auth. Here’s the perl line that works:

   perl -MMIME::Base64 -e ‘print encode_base64(“username:password”)’

   (yes, the password is plain text that’s just base 64 encoded – it has basically no security.)

   <mike

   Posted February 24, 2009, 1:13 pm
4. 
   
   Kevin Pendleton says:

   Cool, thanks for pointing out what I did wrong, Mike. Not sure why I was thinking that I needed to crypt it first.

   Posted February 24, 2009, 10:51 pm
5. 
   
   Tommy McNeely says:

   Also, if your password has some “special” characters in it, it can be a pain with both the shell and perl trying to have their way with it. Here is an example on how to use openssl itself to encode it.

   $ echo ‘UserName:P@$$w()Rd!’ | openssl base64 -e
   VXNlck5hbWU6UEAkJHcoKVJkIQo=

   Posted March 4, 2009, 6:22 pm
6. 
   
   Kevin Pendleton says:

   Testing TLS:

   openssl s_client -starttls smtp -crlf -connect mail.hostname.com:587

   Force TLSv1:

   openssl s_client -starttls smtp -crlf -tls1 -connect mail.hostname.com:587

   Posted September 22, 2009, 4:50 pm
7. 
   
   Alexandru Gheorghe says:

   Hi, you can also use Python from the shell:

   python -c ‘import base64; print base64.encodestring(“username:password”).rstrip(“\n”)’

   then just continue normally. E.g.:

   openssl s_client -connect mywebsite.tld:443
   GET / HTTP/1.1
   Host: localhost
   Authorization: Basic

   I know its late but maybe it helps somebody in the future.

   Posted June 25, 2013, 6:38 am
8. 
   
   Alexandru Gheorghe says:

   Seems the website strips < stuff.

   In my other comment:

   Authorization: Basic

   in

   Authorization: Basic (included python -c stuff here from the command above)

   Posted June 25, 2013, 6:40 am

Leave a reply