Provide Http Auth Credentials

Provides HTTP Basic authentication credentials for requests requiring authorization.

Terminal

python sqlmap.py -u "{http://www.example.com/vuln.php}" --auth-type <Basic> --auth-cred "{testuser:testpass}"

python sqlmap.py -u "`{http://www.example.com/vuln.php`}" --auth-type <Basic> --auth-cred "`{testuser:testpass`}"

#!/bin/bash

# Provide Http Auth Credentials
python sqlmap.py {{[-u|--url]}} "{{http://www.example.com/vuln.php}}" --auth-type {{Basic}} --auth-cred "{{testuser:testpass}}"

import subprocess

# Provide Http Auth Credentials
# Make sure to replace <placeholders> with actual values
def run_command():
    cmd = [
        "python",
        "sqlmap.py",
        "-u",
        "\"{http://www.example.com/vuln.php}\"",
        "--auth-type",
        "<Basic>",
        "--auth-cred",
        "\"{testuser:testpass}\""
    ]
    
    try:
        print(f"Executing: {' '.join(cmd)}")
        subprocess.run(cmd, check=True)
    except subprocess.CalledProcessError as e:
        print(f"Error: {e}")
    except FileNotFoundError:
        print("Error: python not found. Please install it first.")

if __name__ == "__main__":
    run_command()

When To Use

When testing web applications that enforce authorization for certain endpoints.

Pro Tip

Utilize --ignore-401 to proceed with further testing even if the unauthorized response is encountered.

Anatomy of Output

Understanding the result

[06:45:10] [INFO] using HTTP Basic authentication Auth Type

Indicates that Basic authentication is being applied.

[06:45:11] [INFO] sending credentials for authentication Auth Info

Credentials are being sent with the request.

[06:45:12] [SUCCESS] authenticated as 'testuser' Auth Result

Confirms successful authentication for the provided user.

Power User Variants

Optimized versions

python sqlmap.py -u 'http://www.example.com/vuln.php' --auth-type Digest --auth-cred 'testuser:testpass'

Testing with Digest authentication.

python sqlmap.py -u 'http://www.example.com/vuln.php' --auth-type Basic --auth-cred 'admin:adminpass'

Using different demo credentials for testing.

Troubleshooting

Common pitfalls

sqlmap -u '...' --auth-type Basic --auth-cred '...' - ERROR: 401 Unauthorized

Solution: Confirm that credentials are correct and the endpoint requires Basic Auth.

sqlmap -u '...' --auth-type Basic --auth-cred '...' - ERROR: Invalid authentication type

Solution: Check that the specified auth type is supported by the application.

sqlmap -u '...' --auth-type Basic --auth-cred '...' - ERROR: Unable to establish a secure connection

Solution: Ensure HTTPS is enabled if using Basic authentication over SSL.

Command Breakdown

What each part is doing

python: Base Command; The executable that performs this operation. Here it runs Python before the shell applies any redirect operators.
-u: u| url; The URL supplied to this command.
{http://www.example.com/vuln.php}: http: www.example.com vuln.php; The value supplied for http: www.example.com vuln.php.
<Basic>: Basic; The value supplied for Basic.
{testuser:testpass}: testuser:testpass; The user value supplied to this command.
-u: Command Option; Tool-specific option used by this command invocation.
--auth-type: Command Option; Tool-specific option used by this command invocation.
--auth-cred: Command Option; Tool-specific option used by this command invocation.

Alternative Approaches

Comparable commands in other tools

Alternative security tools for the same job.

Nettacker / Run Ping Test And Multiple Scans On Target nettacker --ping-before-scan -m <port_scan,subdomain_scan,waf_scan,...> -g <80,443> -i <owasp.org> Gpg / Display Help In Gpg Tui <?> Freshclam / Update Virus Definitions Clamav freshclam Secret Tool / Retrieve Password secret-tool lookup key <key> John / Show Passwords Cracked john --show <path/to/hashes.txt>