Quoting "Amit Klein (AKsecurity)" <[email protected]>:
> On 19 Sep 2005 at 10:52, Eoin Keary wrote:
> > I find Burp works well for MITM stuff
> From a private correspondence with Eoin, I understand that he didn't use IE
> for this test, so this information does not confirm/disprove anything about
> the phenomenon we discuss in this thread.

For what it is worth as a data point, Michael Silk has had success in the past
using WebScarab to proxy SPNEGO authentication.

WebScarab did not (and does not currently) set the "Proxy-Support" header
mentioned below, so there seems to be some inconsistency here.

What happens is that the complete negotiation is visible in WebScarab.

    Request -> 401 Unauthorised (with auth schemes)
    Request (with Negotiate) -> 401 Unauthorised (with a challenge)
    Request (with Negotiate) -> 200

repeated for each new connection made.

Subsequent requests in the same connection SHOULD (I have no evidence either
way) not result in the 401's, since it is a connection oriented authentication,
rather than request oriented.

Here is the user-agent string from the log he showed me:

    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.40607)

Maybe Michael can supply more details? Or maybe someone with access to
appropriate client and server environment (Amit?) could perform some tests
using WebScarab as their proxy?
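
The per-connection sequence described in the message above can be checked mechanically against exchanges recorded by an intercepting proxy. The following Python sketch is an added example, not part of the original message and not WebScarab code; the record layout, the token placeholders and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not taken from the thread):
# (connection id, Authorization sent, response status, WWW-Authenticate returned)
SAMPLE = [
    (1, None, 401, "Negotiate, NTLM"),                # server offers auth schemes
    (1, "Negotiate TOKEN1", 401, "Negotiate TOKEN2"),  # server returns a challenge
    (1, "Negotiate TOKEN3", 200, None),                # handshake completes
    (1, None, 200, None),                              # reuses authenticated connection
    (2, None, 401, "Negotiate, NTLM"),
    (2, "Negotiate TOKEN1", 401, "Negotiate TOKEN2"),
    (2, "Negotiate TOKEN3", 200, None),
    (2, None, 401, "Negotiate, NTLM"),                 # re-challenged on same connection
]

def has_token(header):
    """True for 'Negotiate <token>', False for None or a bare scheme list."""
    parts = (header or "").split()
    return len(parts) == 2 and parts[0] == "Negotiate"

def analyse(exchanges):
    """Walk each connection through the 401 / 401 / 200 handshake and report
    whether it completed and whether later requests were challenged again."""
    state = defaultdict(lambda: "new")
    report = defaultdict(lambda: {"authenticated": False,
                                  "rechallenged": 0, "unexpected": 0})
    for conn, auth, status, www in exchanges:
        s, r = state[conn], report[conn]
        if s == "new" and not has_token(auth) and status == 401 and not has_token(www):
            state[conn] = "offered"
        elif s == "offered" and has_token(auth) and status == 401 and has_token(www):
            state[conn] = "challenged"
        elif s == "challenged" and has_token(auth) and status == 200:
            state[conn] = "authenticated"
            r["authenticated"] = True
        elif s == "authenticated" and status == 401:
            r["rechallenged"] += 1      # authentication did not stick to the connection
            state[conn] = "offered"     # expect a fresh handshake to follow
        elif s != "authenticated":
            r["unexpected"] += 1        # exchange does not fit the expected sequence
    return dict(report)

if __name__ == "__main__":
    for conn, result in sorted(analyse(SAMPLE).items()):
        print(conn, result)
```

A non-zero `rechallenged` count for a connection means a 401 was seen after that connection had already completed the handshake.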