
Re: NTLM and man-in-the-middle proxies not working

Date: 26 Sep 2005 22:18:05 -0000
I see several possibilities here:

1-Security Zone
This seems one of the best explanations. I've tried fuzzing with the 
configuration, but no luck. With same configuration on my browser, doesn't 
explain why mine works on my demo network but not on the client.

2-"Enable IWA (requires restart)" option in IE->Tools->Internet 
Option->Advanced.
This would seem another clear option. But once again, this option doesn't work 
on the client side.

3-Network definitions
Some bizarre option could define what is a sort of Intranet. Same subnetwork 
vs. different network. Subnetworks are pretty much the same in my test network and 
at the client. I intend to change my demo network to exactly the same addresses 
as at the client.

4-Group policy
Another possibility, as my computer doesn't have an exact same behaviour on the 
client side as a browser belonging to the client domain. This could also relate 
to the fact that at the client, users are typically logged on to the domain 
when access is made. But once again, doesn't explain why connecting through a 
proxy should change this.

5-Special Headers
Rogan talked about the proxy introduced headers. I recall seeing that at the 
client, but also doesn't explain why the same browser with the same proxy 
sometimes works and others not.

Seems probably there are at least two of the above messing with the results. 
I'll be checking on the client side again this week. Will make network captures 
to detail the information being sent. Any suggestions I may try them (like 
testing it with Webscarab) and then will post conclusions back.

rj

-----Original Message-----

Quoting "Amit Klein (AKsecurity)" <aksecurity@hotpop.com>:


WebScarab did not (and does not currently) set the "Proxy-Support" 
header mentioned below, so there seems to be some inconsistency here.


Yes, this is pretty weird. We definitely have inconsistent reports from 
credible sources. 
Perhaps this has something to do with the security zone? Or some obscure 
configuration of IE? I think Raymond is in a good position to find out, because 
he experiences both phenomena (if I understand correctly).

-Amit
