WebApp Sec mailing list archives

Re: NTLM and man-in-the-middle proxies not working

From: raymond_b_jimenez () yahoo com
Date: 26 Sep 2005 22:18:05 -0000

I see several possibilities here:

1-Security Zone
This seems one of the best explanations. I've tried fuzzing with the configuration, but no luck. With same
configuration on my browser, doesn't explain why mine works on my demo network but not on the client.

2-"Enable IWA (requires restart)" option in IE->Tools->Internet Option->Advanced.
This would seem another clear option. But once again, this option doesn't work on the client side.

3-Network definitions
Some bizarre option could define what is a sort of Intranet. Same subnetwork vs. differrent network. Subnetworks are
pretty the same in my test network and at the client. I intend to change my demo network to exactly the same addresses
at the client.

4-Group policy
Another possibility, as my computer doesn't have an exact same behaviour on the client side as a browser belonging to
the client domain. THis could also relate to the fact that at the client, users are typically logged on to the domain
when access is made. But once again, doesn't explain why connecting though a proxy should change this.

5-Special Headers
Rogan talked about the proxy introduced headers. I recall seing that at the client, but also doesn't explain why the
same browser with the same proxy sometimes works and others not.

Seems probably there are at least two of the above messing with the results. I'll be checking on the client side again
this week. Will make network captures to detail the information being sent. Any suggestions I may try them (like
testing it with Webscarab) and then will post conclusions back.

-----Original Message-----

Quoting "Amit Klein (AKsecurity)" <aksecurity () hotpop com>:


WebScarab did not (and does not currently) set the "Proxy-Support" 
header mentioned below, so there seems to be some inconsistency here.


Yes, this is pretty weird. We definitely have inconsistent reports from credible sources. 
Perhaps this has something to do with the seurity zone? or some obscure configuration of IE? I think Raymond is in a 
good position to find out, because he experiences both phenoma (if I understand correctly).

-Amit

Current thread:

Re: NTLM and man-in-the-middle proxies not working, (continued)
- Re: NTLM and man-in-the-middle proxies not working raymond_b_jimenez (Sep 15)
  - Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 16)
    - Re: NTLM and man-in-the-middle proxies not working Eoin Keary (Sep 19)
    - Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 19)
    - Re: NTLM and man-in-the-middle proxies not working Michael Eddington (Sep 20)
    - Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 20)
    - Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 21)
    - Re: NTLM and man-in-the-middle proxies not working lists (Sep 22)
    - Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 22)
- RE: NTLM and man-in-the-middle proxies not working raymond_b_jimenez (Sep 20)
- Re: NTLM and man-in-the-middle proxies not working raymond_b_jimenez (Sep 26)
  - RE: NTLM and man-in-the-middle proxies not working Ofer Maor (Sep 27)
    - Re: NTLM and man-in-the-middle proxies not working AG (Sep 28)