# Telnet into HTTP with authorization



## trink (Jan 18, 2008)

I'm looking to telnet into HTTP with authorization.

I'm trying to use a GET /blah.html HTTP/1.1 request with the correct Host: header and whatnot, but the thing is that when you actually view that page with a browser, it pops up the actual login box which produces the 200 or 500 redirect statuses depending on the information given. I'm trying to telnet to that page, and I'm wondering how the header should look in order to telnet into that. I've done a bit of looking around and its something to the sort of:



> telnet localhost 1024
> GET /blah.html HTTP/1.1
> Host: localhost
> Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ]==


I'm not exactly too sure what should go in that base64 jumble right there, but I'd like some help on figuring out how to telnet into that page with the correct authorization so that I can get the page itself.

Any help would be greatly appreciated.


----------



## lensman3 (Oct 19, 2007)

What you have said is wrong. telnet localhost 1024 for http is really "telnet localhost 80". The http port is 80 (see the Unix file /etc/services for the ports assignments). You need to set a telnet client up on your PC listening to port 80 and then connect to it with a browser to see what the first hand shacking it. The authorizing string changes from session to session and connection to connection. I doubt it ever will repeat itself. If it did it would be a security hole a mile wide.

Unix/Linux has a program called "nc" that will bind to a port and dump what is sent to it. What you really want is a "snoop" capability!


----------

