WebApp Sec mailing list archives
Re: NTLM and man-in-the-middle proxies not working
From: Michael Eddington <meddington () gmail com>
Date: Tue, 20 Sep 2005 13:45:03 -0700
That isn't 100% true. Because NTLM authenticates a TCP connection, not a web request, a proxy must specifically support NTLM authentication proxying or bad-things might happen. To show IE that this is supported the proxy must set the following header if WWW-Authenticate header exists: Proxy-Support: Session-Based-Authentication this isn't well documented which is why most MITM proxies didn't support NTLM for a long-ass time. mike On 9/19/05, Amit Klein (AKsecurity) <aksecurity () hotpop com> wrote:
On 19 Sep 2005 at 10:52, Eoin Keary wrote:I find Burp works well for MITM stuffWith IE and NTLM? What version (maybe an old one)? The phenomenon I was talking about was actually observed 4 years ago. From a Squid-Dev posting by Chemolli Francesco (USI), Mon, 20 Aug 2001 (http://www.squid-cache.org/mail-archive/squid-dev/200108/0152.html): "It is worth noticing that recent version of MS Internet Explorer WILL NOT EVEN ATTEMPT to perform NTLM authentication if a proxy is in use to reach the destination host." And I also verified this on IE 6.0 SP2 (WinXP SP2). -AmitOn 16/09/05, Amit Klein (AKsecurity) <aksecurity () hotpop com> wrote:On 15 Sep 2005 at 15:42, raymond_b_jimenez () yahoo com wrote:Most interesting is the fact that IE passes IWA credentials over a proxy. I had put in a demo environment, and I did sucessfully manage to use IE/IWA through a proxy (in this case Odysseus). Just in case, I tested it again and it does pass IWA through proxy.Weird. I double checked (this time I used Odysseus, 2.0B10), but no good, my IE (6.0.3790.0) doesn't even ask me for the NTLM credentials when it's configured with a forward proxy. What's your IE version? Can other people check this please?
Current thread:
- NTLM and man-in-the-middle proxies not working raymond_b_jimenez (Sep 14)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 14)
- <Possible follow-ups>
- Re: NTLM and man-in-the-middle proxies not working raymond_b_jimenez (Sep 15)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 16)
- Re: NTLM and man-in-the-middle proxies not working Eoin Keary (Sep 19)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 19)
- Re: NTLM and man-in-the-middle proxies not working Michael Eddington (Sep 20)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 20)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 16)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 21)
- Re: NTLM and man-in-the-middle proxies not working lists (Sep 22)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 22)
- RE: NTLM and man-in-the-middle proxies not working Ofer Maor (Sep 27)