Re: How to find the login name of a user accessing my website

[ed <edvuln () s5h net>]

On Fri, 3 Nov 2006 18:13:40 -0800
"Anurag Agarwal" <anurag.agarwal () yahoo com> wrote:

> I was wondering if anyone could help me how I can find out the windows
> login  of the user, accessing my website. I think i read it somewhere
> that it gets  passed as a header information but i am not sure. If
> anyone of you guys can  help me with this, i will really appreciate
> it.

ive never seen it in the headers, but i guess it could be part of ie's
headers, but i never use that so i dont know.

it might be part of ISA-Proxy server's headers, again i dont know
though.. i would suspect that it's quite unlikely.

you might want to try doing a tcpdump on your webserver and look at the
headers, or perhaps make some custom cgi to get the headers for you.

something like

$fp = fopen( "headlog.txt", "w" );
$headers = apache_request_headers();
foreach ($headers as $header => $value) {
   fputs( $fp, "$header: $value\n" );
}
fclose($fp);

or likewise in whichever script language you use.

-- 
Regards, Ed                      :: http://www.s5h.net
:%s/\t/  /g                      :: proud unix system person
:%s/Open Source/Free Software/g

-------------------------------------------------------------------------
Sponsored by: Watchfire

AppScan delivers new remediation capabilities, key regulatory compliance 
reporting, and productivity enhancements that dramatically improve, 
automate and streamline users' ability to quickly find, remediate and 
manage web application security vulnerabilities. Change the way you think 
about application security testing - download AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YTE
--------------------------------------------------------------------------