The Concrete Implementation Method

          Posted on 2007-06-11 10:40 by 小螞蟻 | Category: 天國之路

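          I have been studying htdigest for a while. The material I could find online is all vague about the actual algorithm. I forced myself through RFC 2671 and got a rough idea of the algorithm, then consulted the shttpd source code and finally figured it out. It is actually quite simple:
          response=MD5(ha1:nonce:nc:cnonce:qop:a2)
          where:
          ha1=MD5(username:realm:password)
          a2=MD5(method:uri)

          Reading the source code is what really counts. The people who write about this online are either copying from one another or simply translating RFC 2671, or else I am just too dumb. Frustrating...

          Sniffer notes: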
          GET / HTTP/1.1
          Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
          Accept-Language: zh-cn
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
          Host: obol.kmip.net
          Connection: Keep-Alive

           

           

          HTTP/1.1 401 Unauthorized
          WWW-Authenticate: Digest realm="My Site",
           nonce="3266a84c73f7e0e13f4fa6ba1d52d4ce",
           qop="auth"
           
          Content-Type: text/html
          Content-Length: 351
          Date: Sun, 10 Jun 2007 23:52:57 GMT
          Server: lighttpd/1.4.13

          <?xml version="1.0" encoding="iso-8859-1"?>
          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
                   "<html xmlns=" <head>
            <title>401 - Unauthorized</title>
           </head>
           <body>
            <h1>401 - Unauthorized</h1>
           </body>
          </html>

           

           

          GET / HTTP/1.1
          Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
          Accept-Language: zh-cn
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
          Host: obol.kmip.net
          Connection: Keep-Alive
          Authorization: Digest username="test",
           realm="My Site",
           qop="auth",
           algorithm="MD5",
           uri="/",
           nonce="3266a84c73f7e0e13f4fa6ba1d52d4ce",
           nc=00000001,
           cnonce="5886b782b452993f7559cbd83b6b611b",
           response="932dd7f51f34d766997923876508e620"

           

           

          HTTP/1.1 200 OK
          Content-Type: text/html
          ETag: "972667827"
          Accept-Ranges: bytes
          Last-Modified: Sun, 22 Apr 2007 05:10:52 GMT
          Content-Length: 2878
          Date: Sun, 10 Jun 2007 23:56:44 GMT
          Server: lighttpd/1.4.13
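An added example, not code from the original post, shttpd or lighttpd: server-side verification of an Authorization header shaped like the one in the capture, using the formula given in the post. The field values are copied from the capture, but the password is constructed (the capture does not reveal the real one), so the response is recomputed; `verify`, `build_header`, `HA1_STORE` and `NONCES` are hypothetical names.

```python
import hashlib, hmac, re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest_header(value):
    """Split 'Digest k="v", k2=v2' into a dict; values may be quoted or bare."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    return {k: q or b for k, q, b in
            re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)}

def digest_response(ha1, method, f):
    # response = MD5(ha1:nonce:nc:cnonce:qop:a2), with a2 = MD5(method:uri)
    a2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(":".join([ha1, f["nonce"], f["nc"], f["cnonce"], f["qop"], a2]))

def verify(header, method, ha1_store, issued_nonces):
    """Server side: only the stored ha1 is needed, never the cleartext password."""
    f = parse_digest_header(header)
    needed = ("username", "realm", "uri", "nonce", "nc", "cnonce", "qop", "response")
    if any(k not in f for k in needed) or f["qop"] != "auth":
        return False
    if f["nonce"] not in issued_nonces:      # reject nonces this server never sent
        return False
    ha1 = ha1_store.get((f["username"], f["realm"]))
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, f)
    return hmac.compare_digest(expected.encode(), f["response"].lower().encode())

# Constructed sample data: field values copied from the capture, password invented.
PASSWORD = "constructed-password"
HA1_STORE = {("test", "My Site"): md5_hex(f"test:My Site:{PASSWORD}")}
NONCES = {"3266a84c73f7e0e13f4fa6ba1d52d4ce"}
FIELDS = {"username": "test", "realm": "My Site", "qop": "auth", "uri": "/",
          "nonce": "3266a84c73f7e0e13f4fa6ba1d52d4ce", "nc": "00000001",
          "cnonce": "5886b782b452993f7559cbd83b6b611b"}

def build_header(fields, method, ha1):
    """Client side: compute response and serialise it (nc unquoted, as captured)."""
    resp = digest_response(ha1, method, fields)
    parts = [f"{k}={v}" if k == "nc" else f'{k}="{v}"' for k, v in fields.items()]
    return "Digest " + ", ".join(parts + [f'response="{resp}"'])

if __name__ == "__main__":
    hdr = build_header(FIELDS, "GET", HA1_STORE[("test", "My Site")])
    print(hdr)
    # The method is part of a2, so the same header does not verify for POST.
    print(verify(hdr, "GET", HA1_STORE, NONCES), verify(hdr, "POST", HA1_STORE, NONCES))
```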

          Feedback

          # re: The Concrete Implementation Method

          2007-10-31 07:57 by zyx
          RFC 2617 HTTP Authentication: Basic and Digest Access Authentication