THC Hydra (or simply Hydra) is a network online logon cracker; this means it can be used to find login passwords by brute forcing active network services. Among the many services Hydra supports, we can find HTTP form login and HTTP basic authentication.
In HTTP basic authentication, the browser sends the username and password, encoded using base64 encoding, in the Authorization header. For example, if the username is admin and the password is Password, the browser will encode admin:Password, resulting in the string YWRtaW46UGFzc3dvcmQ= and the request header will have a line such as this:
Authorization: Basic YWRtaW46UGFzc3dvcmQ=
In the previous recipe, we used Burp Suite's Intruder to attack a login form; in this recipe, we will use THC Hydra to attack a different login mechanism, HTTP basic authentication.