Testing all substrings of a password for basic auth with curl

Revision history
Tags: curl bash http

I had to test a substring of a password for a weird authentication issue with a local client

$ pw=K8ZUCmecnQU5o84mHPCnNsAKS4EdONbsJDcV
$ i=32; while true; do url="http://admin:${pw:0:$i}@"; curl -f -s -w '%{http_code}' $url; i=$((i - 1)); echo -e "\n$url"; read; done

So with this script I press enter until I see a HTTP 200, then use that URL for logging in via a browser.

If you have any comments or feedback, please send me an e-mail. (stig at stigok dotcom).

Did you find any typos, incorrect information, or have something to add? Then please propose a change to this post.

Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.