While searching for a guide I found this example on Wikipedia
GET /dir/index.html HTTP/1.0
Host: localhost
Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
(it would be great if there is a tool/site that converts requests from this form raw requests to curl command)
this the realm and nonce when I try to send a normal get request to the site.
WWW-Authenticate: Digest realm="device1",nonce="3c5d8f92f03d9f1afd5dd55a7b172ee8", qop="auth", algorithm="MD5"
the response but from a network capture screen shot
After searching online again for a little bit I got that the command should be like this
curl "url" --digest -u {username}:{pass} -vv -d @4.xml -H "Content-Type: text/xml;charset=utf-8"
but I didn't get where to put the nonce or the realm or the qop or algorithm="MD5"
while the .xml file contain the post data (in my case it's a soap action)
You don't have to specify all those values anywhere. The only thing you do have to is username/password pair. CURL takes care of computing the client response for you. This is exactly what "supporting of digest authentication" means for any client.