HTTP Digest Auth
#6
In my opinion it should be very obvious if you know what the HTTP Digest Authentication fields mean and for what they are used for. Anyway here is how you would format it in your *very* specific example (yeah, I agree, the format itself is more flexible to allow a very large set of different applications, including but not limited to SIP/HTTP etc, and therefore someone that has no clue what a nonce, qop, URI etc is, might get confused, but in all other cases it should be very intuitive):
Code:
$sip$***[username]*[realm]*GET*[uri_protocol]*[uri_ip]*[uri_port]*[nonce]*[clientNonce]*[nonceCount]*[qop]*MD5*[response]


the example hash from the example you linked (https://hashcat.net/forum/thread-1455-po...ml#pid8513) for instance should be formated like this:
Code:
$sip$***ktxrk56yevb52dg4*192.168.100.21*REGISTER*sip*192.168.100.21*5065*f9230a7f-77e0-426e-83c4-cf3ffd9315a7*prNDNtHQotLf1Vp*00000103*auth*MD5*3b1c269c6e13644538304b6a8e5626ff

(also note: in this case your python code need to be changed like this: hash2 = hashlib.md5('REGISTER:'+uri).hexdigest() i.e. replace "GET:" -> "REGISTER:")


Messages In This Thread
HTTP Digest Auth - by whatisthis - 05-15-2017, 08:24 PM
RE: HTTP Digest Auth - by philsmd - 05-15-2017, 08:31 PM
RE: HTTP Digest Auth - by whatisthis - 05-15-2017, 08:43 PM
RE: HTTP Digest Auth - by whatisthis - 05-15-2017, 09:26 PM
RE: HTTP Digest Auth - by whatisthis - 05-15-2017, 11:26 PM
RE: HTTP Digest Auth - by philsmd - 05-16-2017, 08:08 AM
RE: HTTP Digest Auth - by whatisthis - 05-17-2017, 03:50 PM
RE: HTTP Digest Auth - by hprnv - 03-06-2018, 09:56 AM