Re: NTLM and man-in-the-middle proxies not working

On 19 Sep 2005 at 10:52, Eoin Keary wrote:

> I find Burp works well for MITM stuff

With IE and NTLM? What version (maybe an old one)?

The phenomenon I was talking about was actually observed 4 years ago.

> From a Squid-Dev posting by Chemolli Francesco (USI), Mon, 20 Aug 2001 
(http://www.squid-cache.org/mail-archive/squid-dev/200108/0152.html):

"It is worth noticing that recent version of MS Internet Explorer 
WILL NOT EVEN ATTEMPT to perform NTLM authentication if a proxy 
is in use to reach the destination host."

And I also verified this on IE 6.0 SP2 (WinXP SP2).

-Amit

> On 16/09/05, Amit Klein (AKsecurity) <aksecurity@hotpop.com> wrote:
> > On 15 Sep 2005 at 15:42, raymond_b_jimenez@yahoo.com wrote:
> >
> > > Most interesting is the fact that IE passes IWA credentials over a proxy. 
> > > I had put in a demo environment, and I did sucessfully manage to use 
> > > IE/IWA through a proxy (in this case Odysseus). Just in case, I tested it 
> > > again and it does pass IWA through proxy.
> >
> > Weird. I double checked (this time I used Odysseus, 2.0B10), but no good, 
> > my IE
> > (6.0.3790.0) doesn't even ask me for the NTLM credentials when it's 
> > configured with a
> > forward proxy. What's your IE version? Can other people check this please?