HTTP basic authentication is when you provide a username and password with your HTTP request. You can pass it as part of the URL in modern browsers. Consider this example:
http://username:[email protected]
When adding basic authentication programmatically, the credentials are provided as an HTTP header named Authorization, which contains a value of username:password base64 encoded and prefixed with Basic, separated by a space. Consider the following example:
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Web servers typically respond with a 401 Access Denied code when the authentication fails, and they should respond with a 2xx success code such as 200 OK.
This example will take a URL and a username value and attempt to log in using the passwords generated.
To reduce the effectiveness of attacks like these, implement a rate-limiting...