Penetration Testing mailing list archives

Can Hydra Brute Force HTTP Digest Authentication?

From: Zaki Akhmad <zakiakhmad () gmail com>
Date: Thu, 18 Aug 2011 11:08:41 +0700

Hi,

I'd like to know whether hydra can brute force HTTP digest authentication?

From the OWASP Testing document[1], I only found brute force:

- HTTP basic authentication
- HTML Form Based Authentication

[1] https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29#Brute_force_Attacks

-- 
Zaki Akhmad

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Can Hydra Brute Force HTTP Digest Authentication? Zaki Akhmad (Aug 25)
- Re: Can Hydra Brute Force HTTP Digest Authentication? David Maciejak (Aug 26)
- Re: Can Hydra Brute Force HTTP Digest Authentication? Steve Pinkham (Aug 26)