Testing HTTP/HTTPS through telnet/openssl
I know this is available other places, but I needed one place to keep track of everything:
Basic HTTP (telnet hostname.com 80):
GET / HTTP/1.1
host: hostname.com
- additional carriage return -
HTTPS (openssl s_client -connect hostname.com:443):
GET / HTTP/1.1
host: hostname.com
- additional carriage return -
HTTPS with Basic Authentication (openssl s_client -connect hostname.com:443):
GET / HTTP/1.1
host: hostname.com
Authorization: Basic cGVyyyyblahyyyyrJtYx4h
- additional carriage return -
This is how you would come up with the Base64 Encoded string for basic Authentication:
(This is supposed to work, but it didn’t work for me. I ended up running a sniffer on an unencrypted page that used my credentials (of course, internally) and pulled it out of the headers. If you know what I am doing wrong here, please let me know.)
perl -e 'print "username:", crypt("password","tR"), "\n"'
==> username:tR40ZxFCZTntI
perl -MMIME::Base64 -e'print encode_base64("username:tR40ZxFCZTntI")'
==> dXNlcm5hbWU6dFI0MFp4RkNaVG50SQ==
So technically you should put:
Authorization: Basic dXNlcm5hbWU6dFI0MFp4RkNaVG50SQ==
(Thanks to Brandon Checketts for the openssl replacement of telnet for https connections.)
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
To test pop3/tls (secure pop3):
openssl s_client -connect mail.hostname.com:995
Then the usual pop3 commands:
user user@domainname.com
Posted December 2, 2007, 6:30 pmpass password
list
quit
And here’s the commands to test imap (the test1-3 words are just tags required for imap):
test1 login username password
Posted January 11, 2008, 3:43 pmtest2 list “Inbox” “*”
test3 logout
You’re using to much encryption on your basic auth. Here’s the perl line that works:
perl -MMIME::Base64 -e ‘print encode_base64(“username:password”)’
(yes, the password is plain text that’s just base 64 encoded – it has basically no security.)
<mike
Posted February 24, 2009, 1:13 pmCool, thanks for pointing out what I did wrong, Mike. Not sure why I was thinking that I needed to crypt it first.
Posted February 24, 2009, 10:51 pmAlso, if your password has some “special” characters in it, it can be a pain with both the shell and perl trying to have their way with it. Here is an example on how to use openssl itself to encode it.
$ echo ‘UserName:P@$$w()Rd!’ | openssl base64 -e
Posted March 4, 2009, 6:22 pmVXNlck5hbWU6UEAkJHcoKVJkIQo=
Testing TLS:
openssl s_client -starttls smtp -crlf -connect mail.hostname.com:587
Force TLSv1:
openssl s_client -starttls smtp -crlf -tls1 -connect mail.hostname.com:587
Posted September 22, 2009, 4:50 pmHi, you can also use Python from the shell:
python -c ‘import base64; print base64.encodestring(“username:password”).rstrip(“\n”)’
then just continue normally. E.g.:
openssl s_client -connect mywebsite.tld:443
GET / HTTP/1.1
Host: localhost
Authorization: Basic
I know its late but maybe it helps somebody in the future.
Posted June 25, 2013, 6:38 amSeems the website strips < stuff.
In my other comment:
Authorization: Basic
in
Authorization: Basic (included python -c stuff here from the command above)
Posted June 25, 2013, 6:40 amTesting TLS SMTP:
perl -MMIME::Base64 -e ‘print encode_base64(“username”);’
perl -MMIME::Base64 -e ‘print encode_base64(“password”);’
in SMTP use AUTH LOGIN
334 VXNlcm5hbWU6
Posted October 19, 2014, 6:20 pmenter_encoded_username
334 UGFzc3dvcmQ6
enter_encoded_password