The idea to Project 2068/11.1 came up while I tried to get administrator access to a webserver. It was a Netscape Enterprise Server and I found the port of the Administration Server. I tested some standard passwords an was tired of entering words, pressing enter, waiting and so on. The I noted that I can try so many passwords I like to. Nothing changed. An idea was born.
After some houres of thinking about it I gave this thing the codename
ObiWaN. This stands for "Operation burning insecure Webserver against Netscape".
Nothing about Netscape. I´d like to call it "against Microsoft" but
first I like ObiWaN more then ObiWaM and second I had this idea by trying
to break in a Netscape Server - not Microsoft. Thats life.
Later - as I wrote some routines for this project I gave him an
"official" name: Project 2068/11.1 or real short Project 2068. This is
a real good name. 2068 is the number of the RFC which describes the HTTP/1.1
protocol. 11.1 is the section which describes the basic authentication
sheme. This is the mostly used authentication sheme for Webserver and used
by ObiWaN.
The rest of the history is told fast: I´m a "try and coredump" programmer in UNIX. I killed my Linux box many times by using the wrong libc or misconfiguring my test Apache Server. Pointers and strings in C are a real problem for a stupid networker. And writing code that frees memory after using it is not so simply.
And now I´v got a program in version 0.6something. There are some things not implementet yet - like testing for unusual connection problems and extensive tests for people who try to use ObiWaN against a smtpd or telnetd but it looks like a stable version for me. Sure you will find many cases where it does not find the right password or produces a "Segentation fault". But please see the first 3 lines and send me a mail.