[email protected]
[Top] [All Lists]

Re: NTLM and man-in-the-middle proxies not working

Subject: Re: NTLM and man-in-the-middle proxies not working
Date: Thu, 22 Sep 2005 08:50:02 -0400
Quoting "Amit Klein (AKsecurity)" <aksecurity@xxxxxxxxxx>:

> On 19 Sep 2005 at 10:52, Eoin Keary wrote:
> > I find Burp works well for MITM stuff
> > 
> From a private correspondence with Eoin, I understand that he didn't use IE
> for this test, 
> so this information does not confirm/disprove anything about the phenomenon
> we discuss in 
> this thread.

For what it is worth as a data point, Michael Silk has had success in the past
using WebScarab to proxy SPNEGO authentication.

WebScarab did not (and does not currently) set the "Proxy-Support" header
mentioned below, so there seems to be some inconsistency here.

What happens is that the complete negotiation is visible in WebScarab. 
Request -> 401 Unauthorised (with auth schemes)
Request (with Negotiate) -> 401 Unauthorised (with a challenge)
Request (with Negotiate) -> 200

repeated for each new connection made.

Subsequent requests in the same connection SHOULD (I have no evidence either
way) not result in the 401's, since it is a connection oriented authentication,
rather than request oriented.

Here is the user-agent string from the log he showed me:

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322; .NET CLR 2.0.40607)

Maybe Michael can supply more details? Or maybe someone with access to
appropriate client and server environment (Amit?) could perform some tests
using WebScarab as their proxy?



<Prev in Thread] Current Thread [Next in Thread>