How to recover stored protected http passwords at Communication Channel, HTTP destination and others
Recently I´ve been on a situation where the password stored on SOAP Communication Channel was lost. Of course SAP protects the content by not allowing to view and copy the password, so some kind of recovery was needed.
The approach above works for any HTTP based communication using basic authentication. Should work for SOAP, HTTP and XI Adapters and also sm59 HTTP Connection type (H and G).
Never use it without knowledge of security team and system administrator.
| SOAP Communication Channel | HTTP destination (type H) |
|---|---|
 |
 |
Basic Authentication is very unsafe because client sends the user and password unencrypted at http header. So a simple connection interception would be able to view the content in plain text.
1) So first install netcat (exists for windows and linux) on your local machine. Netcat will be our connection interceptor in this case.
2) Find out your local ip address (using ipconfig / ifconfig)
In my case its 192.168.0.102.
3) Type the following command:
# nc -l <your_ip> <any_port>
In my case is:
# nc -l 192.168.0.102 8080
Netcat now listens on specified port.
4) Change your Communication Channel / HTTP Destination to your IP and port:
| SOAP Communication Channel | HTTP destination (type H) |
|---|---|
 |
(also disable any SSL, SNC or Proxy, if any) |
5) Save and activate
6) Run your connection test again and check netcat´s output:
The highlighted is the user and password header, encoded in base64.
7) Copy the content after Basic and run on some base64 decoder (https://www.google.com.br/?q=base+64+decoder+online#safe=off&q=base+64+decoder+online)
And that´s it!
This is one of the reasons that using Basic Authentication is not a good ideia. Using key pair certificate authentication is much more safe.