WebApp Sec mailing list archives
Re: How to find the login name of a user accessing my website
From: ed <edvuln () s5h net>
Date: Sun, 5 Nov 2006 19:08:20 +0000
On Fri, 3 Nov 2006 18:13:40 -0800 "Anurag Agarwal" <anurag.agarwal () yahoo com> wrote:
I was wondering if anyone could help me how I can find out the windows login of the user, accessing my website. I think i read it somewhere that it gets passed as a header information but i am not sure. If anyone of you guys can help me with this, i will really appreciate it.
ive never seen it in the headers, but i guess it could be part of ie's headers, but i never use that so i dont know. it might be part of ISA-Proxy server's headers, again i dont know though.. i would suspect that it's quite unlikely. you might want to try doing a tcpdump on your webserver and look at the headers, or perhaps make some custom cgi to get the headers for you. something like $fp = fopen( "headlog.txt", "w" ); $headers = apache_request_headers(); foreach ($headers as $header => $value) { fputs( $fp, "$header: $value\n" ); } fclose($fp); or likewise in whichever script language you use. -- Regards, Ed :: http://www.s5h.net :%s/\t/ /g :: proud unix system person :%s/Open Source/Free Software/g ------------------------------------------------------------------------- Sponsored by: Watchfire AppScan delivers new remediation capabilities, key regulatory compliance reporting, and productivity enhancements that dramatically improve, automate and streamline users' ability to quickly find, remediate and manage web application security vulnerabilities. Change the way you think about application security testing - download AppScan today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YTE --------------------------------------------------------------------------
Current thread:
- How to find the login name of a user accessing my website Anurag Agarwal (Nov 05)
- Re: How to find the login name of a user accessing my website ed (Nov 05)
- Re: How to find the login name of a user accessing my website Dhruv Soi (Nov 05)
- RE: How to find the login name of a user accessing my website Maxime Ducharme (Nov 06)