Former Member

Recently I was in a situation where the password stored in a SOAP Communication Channel was lost. Of course, SAP protects the content by not allowing the password to be viewed or copied, so some kind of recovery was needed.

The approach below works for any HTTP-based communication using basic authentication. It should work for the SOAP, HTTP and XI adapters and also for SM59 HTTP connections (types H and G).

Never use it without the knowledge of the security team and the system administrator.

[Screenshots: SOAP Communication Channel and HTTP destination (type H)]

Basic Authentication is very unsafe because the client sends the user and password unencrypted in the HTTP Authorization header, only encoded in Base64. Anyone who can intercept the connection can therefore read them in plain text.

1) First, install netcat (available for Windows and Linux) on your local machine. Netcat will be our connection interceptor in this case.

2) Find out your local IP address (using ipconfig / ifconfig).

     In my case it's 192.168.0.102.

3) Type the following command:

     # nc -l <your_ip> <any_port>

     In my case it is:

     # nc -l 192.168.0.102 8080

    Netcat now listens on the specified port.

4) Change your Communication Channel / HTTP Destination to point to your IP and port:

  

[Screenshots: SOAP Communication Channel and HTTP destination (type H)]

   (also disable any SSL, SNC or Proxy, if any)

  

5) Save and activate

6) Run your connection test again and check netcat's output:

The highlighted line is the Authorization header carrying the user and password, encoded in Base64.

7) Copy the content after "Basic" and run it through a Base64 decoder (https://www.google.com.br/?q=base+64+decoder+online#safe=off&q=base+64+decoder+online)

And that's it!

This is one of the reasons why using Basic Authentication is not a good idea. Authentication with a key pair and certificate is much safer.
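
Step 7 can also be done locally, so the recovered credential is never pasted into a third-party site. The following is an added example, not part of the original post: it parses a raw request as captured by the listener and decodes the Basic header. The function name `basic_credentials` and the sample request are assumptions; the sample token is the RFC 7617 documentation pair, not a real credential.

```python
import base64
import binascii


def basic_credentials(raw_request: bytes):
    """Return (user, password) from the Basic Authorization header of a raw
    HTTP request, or None if the request carries no Basic credentials."""
    for line in raw_request.splitlines()[1:]:        # skip the request line
        if not line.strip():
            break                                    # blank line ends the headers
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"authorization":
            continue                                 # header names are case-insensitive
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() != b"basic":
            return None                              # e.g. Bearer or Digest
        try:
            decoded = base64.b64decode(token.strip(), validate=True)
        except binascii.Error:
            raise ValueError("Authorization header is not valid Base64")
        try:
            text = decoded.decode("utf-8")
        except UnicodeDecodeError:
            text = decoded.decode("latin-1")         # some clients send ISO-8859-1
        # Only the first colon separates user and password; the password
        # itself may contain further colons.
        user, sep, password = text.partition(":")
        if not sep:
            raise ValueError("decoded value has no 'user:password' separator")
        return user, password
    return None


# Constructed sample of what the listener prints for one request.
SAMPLE_CAPTURE = (
    b"POST /demo/service HTTP/1.1\r\n"
    b"Host: 192.168.0.102:8080\r\n"
    b"Content-Type: text/xml; charset=utf-8\r\n"
    b"authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(basic_credentials(SAMPLE_CAPTURE))
```

The same function run over proxy or packet-capture output is a quick audit for interfaces that still send Basic credentials without TLS.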
