Network Security Web-App-Sec

Re: NTLM and man-in-the-middle proxies not working

Subject: Re: NTLM and man-in-the-middle proxies not working
Date: Thu, 22 Sep 2005 08:50:02 -0400
Quoting "Amit Klein (AKsecurity)" <aksecurity@hotpop.com>:

On 19 Sep 2005 at 10:52, Eoin Keary wrote:

I find Burp works well for MITM stuff


From a private correspondence with Eoin, I understand that he didn't use IE for this test, so this information does not confirm/disprove anything about the phenomenon we discuss in this thread.

For what it is worth as a data point, Michael Silk has had success in the past
using WebScarab to proxy SPNEGO authentication.

WebScarab did not (and does not currently) set the "Proxy-Support" header
mentioned below, so there seems to be some inconsistency here.

What happens is that the complete negotiation is visible in WebScarab. 
i.e. 
Request -> 401 Unauthorised (with auth schemes)
Request (with Negotiate) -> 401 Unauthorised (with a challenge)
Request (with Negotiate) -> 200

repeated for each new connection made.

Subsequent requests in the same connection SHOULD (I have no evidence either
way) not result in the 401's, since it is a connection oriented authentication,
rather than request oriented.

Here is the user-agent string from the log he showed me:

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.40607)

Maybe Michael can supply more details? Or maybe someone with access to
appropriate client and server environment (Amit?) could perform some tests
using WebScarab as their proxy?

Regards,

Rogan
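
The per-connection negotiation described in the message above can be checked mechanically against a proxy conversation log. The following is an added example, not part of the original post or of WebScarab: the tuple layout, connection ids and token values are assumptions constructed for illustration. It counts completed handshakes per connection and flags any 401 that arrives on a connection that had already authenticated.

```python
from collections import defaultdict

SCHEMES = ("negotiate", "ntlm")

def _token_scheme(value):
    """Return the scheme if a header value is 'Scheme <token>', else None."""
    parts = (value or "").split(None, 1)
    if len(parts) == 2 and parts[0].lower() in SCHEMES:
        return parts[0].lower()
    return None

def analyse(exchanges):
    """exchanges: (conn_id, Authorization value or None, status, [WWW-Authenticate values]).
    Returns {conn_id: {"state", "handshakes", "rechallenged"}}."""
    report = defaultdict(lambda: {"state": "new", "handshakes": 0, "rechallenged": 0})
    for conn, authz, status, www_auth in exchanges:
        c = report[conn]
        sent_token = _token_scheme(authz) is not None
        got_challenge = any(_token_scheme(v) for v in www_auth)
        if status == 401:
            if c["state"] == "authenticated":
                # Connection-oriented auth should not be asked for again here.
                c["rechallenged"] += 1
            # A token answered with a token is the challenge leg; a bare
            # scheme list is the server offering its schemes.
            c["state"] = "challenged" if sent_token and got_challenge else "offered"
        elif sent_token:
            # Non-401 reply to a request carrying a token ends a handshake.
            if c["state"] != "authenticated":
                c["handshakes"] += 1
            c["state"] = "authenticated"
    return dict(report)

# Constructed sample log; the base64 strings are placeholders, not real tokens.
SAMPLE = [
    (1, None, 401, ["Negotiate", "NTLM"]),
    (1, "Negotiate dG9rZW4x", 401, ["Negotiate dG9rZW4y"]),
    (1, "Negotiate dG9rZW4z", 200, []),
    (1, None, 200, []),                      # reuse without a new 401
    (2, None, 401, ["Negotiate", "NTLM"]),
    (2, "Negotiate dG9rZW4x", 401, ["Negotiate dG9rZW4y"]),
    (2, "Negotiate dG9rZW4z", 200, []),
    (2, None, 401, ["Negotiate", "NTLM"]),   # re-challenged on same connection
]

if __name__ == "__main__":
    for conn, summary in sorted(analyse(SAMPLE).items()):
        print(conn, summary)
```

A non-zero `rechallenged` count for a connection suggests the authenticated state is not surviving across requests on that connection, for example because the proxy does not keep the client and server connections paired.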
