Inspired by wechall.net, I’ve decided to write this short tutorial to show you how to bypass a .htaccess password protection without knowing the username or password. This is not really a vulnerability: the trick relies on a bad configuration by the website administrator or sysadmin.
What a bad .htaccess password protection looks like:
AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName "Authorization Required"
AuthType Basic
<Limit GET POST HEAD PUT DELETE CONNECT OPTIONS HTTP>
require valid-user
</Limit>
I’ve uploaded this script here http://howtofix.pro/tools/online/htbypass/index.php to help you test this trick. By default the protected file is index.php, so you have to access the file with index.php at the end.
How to bypass .htaccess password protection
First of all we need some tools: Mozilla Firefox and the Live HTTP Headers plugin for Mozilla Firefox.
Assuming you have downloaded and installed the tools above, launch the Live HTTP Headers plugin from Firefox. Once the plugin is running, tick “Capture” in the Live HTTP Headers window:
After that, access the link protected with the .htaccess password. In my case the link is: http://howtofix.pro/tools/online/htbypass/index.php
When you are asked for a username and password, press “Cancel”.
Now Live HTTP Headers looks like:
Now you have to (1) untick “Capture”, then (2) click on the link you accessed, and finally (3) click on the “Replay…” button.
The new window looks like:
Now what we have to do is to send the following kind of request via Live HTTP Replay:
Now type HTTP in field (1) and then click on the “Replay” button (2). After that you’re in: you have accessed the index.php file, which is protected by a .htaccess password.
How to fix .htaccess bad configuration?
A simple and good code for beginners looks like this:
AuthType Basic
AuthName "restricted area"
AuthUserFile /htpassws_full_directory/.htpasswd
require valid-user
If you want to restrict only certain kinds of requests, you should read more on Google, because it’s easy 🙂
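To find this misconfiguration in your own .htaccess files, here is an added example (not part of the original tutorial) that flags every Require directive placed inside a <Limit> or <LimitExcept> block. The function name audit_htaccess and the two sample strings are assumptions, constructed from the configurations shown on this page.

```python
import re

# Constructed samples: the two configurations shown on this page, one directive per line.
WEAK = """\
AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName "Authorization Required"
AuthType Basic
<Limit GET POST HEAD PUT DELETE CONNECT OPTIONS HTTP>
require valid-user
</Limit>
"""
FIXED = """\
AuthType Basic
AuthName "restricted area"
AuthUserFile /htpassws_full_directory/.htpasswd
require valid-user
"""

OPEN = re.compile(r"<\s*(Limit|LimitExcept)\s+([^>]*)>", re.I)
CLOSE = re.compile(r"</\s*(Limit|LimitExcept)\s*>", re.I)
REQUIRE = re.compile(r"require\s+\S", re.I)


def audit_htaccess(text):
    """Return one finding per Require directive that is scoped by HTTP method."""
    findings = []
    scope = None  # (directive, methods) while inside <Limit>/<LimitExcept>
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            scope = (opened.group(1).lower(), opened.group(2).upper().split())
        elif CLOSE.match(line):
            scope = None
        elif scope and REQUIRE.match(line):
            kind, methods = scope
            # <Limit>: only listed methods hit this Require; <LimitExcept>: listed ones skip it.
            gap = "not in" if kind == "limit" else "in"
            findings.append({"line": lineno, "directive": kind, "methods": methods,
                             "message": f"Require is skipped for any method {gap} {methods}"})
    return findings


if __name__ == "__main__":
    for finding in audit_htaccess(WEAK):
        print(f"line {finding['line']}: {finding['message']}")
```

Apache's own documentation advises using <LimitExcept> in preference to <Limit> when restricting access, because <LimitExcept> also covers arbitrary methods that are not listed.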
You’ve just bypassed a .htaccess password protected file.
Feel free to exercise at my own link: http://howtofix.pro/tools/online/htbypass/index.php
PS: This tutorial should only be used to test the protection of your OWN site/server. I do not take any responsibility for the way you use this information. You are the only one responsible for how this tutorial is used!
Later edit: There is another working version of the Live HTTP Headers module on the Mozilla add-ons page.
Inspiration? -> wechall :))