August 2018
Intermediate to advanced
404 pages
10h 22m
English
Unlike other authentication methods, such as the form-based one, basic authentication is standard in what it sends to the server, how it sends it, and the response it expects from it. This allows attackers and penetration testers to save precious analysis time on which parameters contain the username and password, how are they processed and sent, and how to distinguish a successful response from an unsuccessful one. This is one of the many reasons why basic authentication is not considered a secure mechanism.
When calling Hydra, we used some parameters:
Read now
Unlock full access