Network Security Web-App-Sec

Re: NTLM and man-in-the-middle proxies not working

Subject: Re: NTLM and man-in-the-middle proxies not working
Date: Wed, 21 Sep 2005 00:48:11 +0200
On 20 Sep 2005 at 13:45, Michael Eddington wrote:

That isn't 100% true.  Because NTLM authenticates a TCP connection,
not a web request, a proxy must specifically support NTLM
authentication proxying or bad-things might happen.  To show IE that
this is supported the proxy must set the following header if
WWW-Authenticate header exists:

Proxy-Support: Session-Based-Authentication

This isn't well documented which is why most MITM proxies didn't
support NTLM for a long-ass time.


You're right. This header does take care of things - if IE sees this
header, it does proceed with NTLM authentication. But the few proxy
servers I played with simply don't use this header (as you mentioned
above). Anyway - I should have mentioned this point in my earlier
submissions, thanks for the correction.

Of course, this only pertains to forward proxies. Reverse/transparent
proxies will not be visible to IE, and so it will happily engage in NTLM
authentication, with interesting consequences.

As for "well documented" - the whole NTLM authentication scheme has no
official documentation (AFAIK), so it's no surprise this header isn't
widely known.
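
Added example, not part of the original message or of any proxy's code: a sketch of the response-header step discussed in this thread, where a forward proxy adds `Proxy-Support: Session-Based-Authentication` to a response that carries a `WWW-Authenticate` challenge. The function name, the sample responses and the choice to trigger only on the NTLM and Negotiate schemes are assumptions of this example.

```python
# Hypothetical helper for a forward proxy under test; names are illustrative.
CONNECTION_SCHEMES = {"ntlm", "negotiate"}  # assumption: connection-bound schemes
TOKEN = "Session-Based-Authentication"
END = "\r\n\r\n"

def add_proxy_support(head: bytes) -> bytes:
    """Return the response head with Proxy-Support added when the origin
    server sent a connection-bound WWW-Authenticate challenge."""
    text = head.decode("iso-8859-1")
    if not text.endswith(END):
        raise ValueError("expected a complete header block ending in CRLF CRLF")
    lines = text[:-len(END)].split("\r\n")
    status_line, headers = lines[0], lines[1:]
    challenged = already_set = False
    for line in headers:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line; leave it untouched
        name, value = name.strip().lower(), value.strip()
        if name == "www-authenticate" and value:
            # The scheme is the first token of the challenge, case-insensitive.
            if value.split(None, 1)[0].lower() in CONNECTION_SCHEMES:
                challenged = True
        elif name == "proxy-support":
            tokens = [t.strip().lower() for t in value.split(",")]
            already_set = already_set or TOKEN.lower() in tokens
    if challenged and not already_set:
        headers.append(f"Proxy-Support: {TOKEN}")
    return ("\r\n".join([status_line] + headers) + END).encode("iso-8859-1")

# Constructed sample responses (not captured traffic).
SAMPLE_NTLM = (b"HTTP/1.1 401 Unauthorized\r\n"
               b"WWW-Authenticate: Negotiate\r\n"
               b"WWW-Authenticate: NTLM\r\n"
               b"Content-Length: 0\r\n\r\n")
SAMPLE_BASIC = (b"HTTP/1.1 401 Unauthorized\r\n"
                b"WWW-Authenticate: Basic realm=\"example\"\r\n"
                b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print(add_proxy_support(SAMPLE_NTLM).decode("iso-8859-1"))
```

The header only signals support. Because NTLM authenticates the TCP connection, the proxy also has to keep each client connection tied to its own upstream connection for the authenticated session.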


