WebApp Sec mailing list archives
Re: NTLM and man-in-the-middle proxies not working
From: raymond_b_jimenez () yahoo com
Date: 26 Sep 2005 22:18:05 -0000
I see several possibilities here: 1-Security Zone This seems one of the best explanations. I've tried fuzzing with the configuration, but no luck. With same configuration on my browser, doesn't explain why mine works on my demo network but not on the client. 2-"Enable IWA (requires restart)" option in IE->Tools->Internet Option->Advanced. This would seem another clear option. But once again, this option doesn't work on the client side. 3-Network definitions Some bizarre option could define what is a sort of Intranet. Same subnetwork vs. differrent network. Subnetworks are pretty the same in my test network and at the client. I intend to change my demo network to exactly the same addresses at the client. 4-Group policy Another possibility, as my computer doesn't have an exact same behaviour on the client side as a browser belonging to the client domain. THis could also relate to the fact that at the client, users are typically logged on to the domain when access is made. But once again, doesn't explain why connecting though a proxy should change this. 5-Special Headers Rogan talked about the proxy introduced headers. I recall seing that at the client, but also doesn't explain why the same browser with the same proxy sometimes works and others not. Seems probably there are at least two of the above messing with the results. I'll be checking on the client side again this week. Will make network captures to detail the information being sent. Any suggestions I may try them (like testing it with Webscarab) and then will post conclusions back. rj -----Original Message-----
Quoting "Amit Klein (AKsecurity)" <aksecurity () hotpop com>: WebScarab did not (and does not currently) set the "Proxy-Support" header mentioned below, so there seems to be some inconsistency here.
Yes, this is pretty weird. We definitely have inconsistent reports from credible sources. Perhaps this has something to do with the seurity zone? or some obscure configuration of IE? I think Raymond is in a good position to find out, because he experiences both phenoma (if I understand correctly). -Amit
Current thread:
- Re: NTLM and man-in-the-middle proxies not working, (continued)
- Re: NTLM and man-in-the-middle proxies not working raymond_b_jimenez (Sep 15)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 16)
- Re: NTLM and man-in-the-middle proxies not working Eoin Keary (Sep 19)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 19)
- Re: NTLM and man-in-the-middle proxies not working Michael Eddington (Sep 20)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 20)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 16)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 21)
- Re: NTLM and man-in-the-middle proxies not working lists (Sep 22)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Sep 22)
- Re: NTLM and man-in-the-middle proxies not working raymond_b_jimenez (Sep 15)
- RE: NTLM and man-in-the-middle proxies not working Ofer Maor (Sep 27)