You can use any tool that will get HTTP headers. Example in curl you should see the server respond with WWW-Authenticate: Basic realm="xxx"
if it is using basic auth.
If digest it will look like the following.
WWW-Authenticate: Digest realm="testrealm@host.com",
qop="auth,auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
This is how to see the headers in curl.
$ curl -v http://a.b.c.d/
* About to connect() to a.b.c.d port 80 (#0)
* Trying a.b.c.d...
* Adding handle: conn: 0x7f8e0a008c00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f8e0a008c00) send_pipe: 1, recv_pipe: 0
* Connected to a.b.c.d (a.b.c.d) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: a.b.c.d
> Accept: */*
>
< HTTP/1.1 401 Authorization Required
< Date: Wed, 05 Nov 2014 07:27:40 GMT
* Server Apache is not blacklisted
< Server: Apache
< WWW-Authenticate: Basic realm="xxx"
< Content-Length: 463
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache Server at a.b.c.d Port 80</address>
</body></html>
From what I know Curl wont capture traffic, it will only (facilitate) send and receive by itself. How about Wireshark? – Ajay – 2014-11-05T07:46:18.137
Yes that is correct. Curl is like any browser. If you want to capture traffic you can use wireshark or tcpdump. You should see the same set of HTTP headers. – f01 – 2014-11-05T07:47:46.277
1Thanks anyway, I found excellent tool: Fiddler (Windows). – Ajay – 2014-11-05T09:19:04.890
1Just for update. Fiddler won't capture traffic from Service processes. So, I had to use Network Monitor from MS, excellent tool, though need to tweak it a bit to get HTTP only traffic. – Ajay – 2014-11-07T09:37:48.070