Searching for information on the Internet is not so easy to find, but the solution is very simple: after the authentication is passed in the htpasswd browser, each request will contain the Authorization requestheader, after this header is directly decoded with the standard base64, the plaintext username and password will be obtained. This header will be passed through the proxy to the background, so the program can directly retrieve the header and decode it.
Searching for information on the Internet is not so easy to find, but the solution is very simple:
In htPasswdAfter the browser authentication is passed, each request will carry the Authorization request header. After decoding the header directly with the standard base64, the plaintext user name and password will be obtained ...... This header will be worn from the proxy to the background, so the program can get it directly, and the user name and password can be obtained through decoding.
However, this header will be sent for each request. In terms of security, it is too bad if https is not included. In some interception programs, this is equivalent to an explicit code.