Base64 Encoded user/pass not working with auth
I must be doing something wrong, but I can't figure out why it's not working. Issuing commands via curl with the user/pass before the IP works ok, but if I convert the credentials to base64 and use auth, it gives an unauthorised error. The test user/pass has full admin rights.
$ /usr/bin/curl 'http://test:t3st1nG@192.168.1.10:8000/++setSchedule?cameraNum=5&mode=M&id=0'
OK
$ echo 'test:t3st1nG' | base64
dGVzdDp0M3N0MW5HCg==
$ echo 'dGVzdDp0M3N0MW5HCg==' | base64 --decode
test:t3st1nG
$ /usr/bin/curl 'http://192.168.1.10:8000/++setSchedule?cameraNum=5&mode=M&id=1&auth=dGVzdDp0M3N0MW5HCg=='
401 Unauthorized
I've tested this on the latest b17 version of SecuritySpy.
Thanks,
Paul.
$ /usr/bin/curl 'http://test:t3st1nG@192.168.1.10:8000/++setSchedule?cameraNum=5&mode=M&id=0'
OK
$ echo 'test:t3st1nG' | base64
dGVzdDp0M3N0MW5HCg==
$ echo 'dGVzdDp0M3N0MW5HCg==' | base64 --decode
test:t3st1nG
$ /usr/bin/curl 'http://192.168.1.10:8000/++setSchedule?cameraNum=5&mode=M&id=1&auth=dGVzdDp0M3N0MW5HCg=='
401 Unauthorized
I've tested this on the latest b17 version of SecuritySpy.
Thanks,
Paul.
Comments
There is a flaw in that method you are using to generate the Base64 value, which is that it includes the return character after the string you are trying to encode. So the password comes out with a return character at the end of it, which causes it to fail.
Instead, use this free online Base64 encoder. You will see that the string "test:t3st1nG" actually encodes to "dGVzdDp0M3N0MW5H".
I was trying to avoid submitting my credentials to an unknown online service, but having just looked at the site's privacy policy, I feel more confident using it.
"All communications with our servers are made through secure SSL encrypted connections (https). Uploaded files are deleted from our servers immediately after being processed, and the resulting downloadable file is deleted right after the first download attempt, or 15 minutes of inactivity. We do not keep or inspect the contents of the entered data or uploaded files in any way. Read our privacy policy below for more details."
openssl base64 [press enter]
test:t3st1nG [press ctrl+d three times]
This results in the following:
$ openssl base64
test:t3st1nGdGVzdDp0M3N0MW5H
Just separate the base64 text from the line above.
dGVzdDp0M3N0MW5H
Another method to generate a base64 user:password locally
echo -n 'test:t3st1nG' | base64
The -n flag insures no hidden characters are added
returns "dGVzdDp0M3N0MW5H"
Above works for me using zsh shell.
@knowz - this is great, thanks for posting!
Follow Up - All of this is relatively very new to me. Terminal, shell bash scripting. So take with a grain of salt.
echo -n 'test:t3st1nG' | base64 returns "dGVzdDp0M3N0MW5H"
In addition to the above (using the "-n" flag to not print the trailing newline character)
echo man also suggests these options to eliminate the newline character in the result
echo 'test:t3st1nG\c' | base64 < note the ( \c ) added to your ( user:password ) string
printf 'test:t3st1nG' | base64 < encouraged as it is apparently the most portable
each of the 2 commands above also return "dGVzdDp0M3N0MW5H" respectively
see man echo and man printf combined with some web browsing for more info