Re: NTLM and man-in-the-middle proxies not working

["Amit Klein (AKsecurity)" <aksecurity () hotpop com>]

On 3 Oct 2005 at 19:32, raymond_b_jimenez () yahoo com wrote:

> From the tests I've done last week, I can confirm that Burp Proxy effectively deals with the NTLM authentication 
> problem. 

> From what I understand from Ofer Maor's submission 
(http://www.securityfocus.com/archive/107/411767/30/0/threaded), Burp does so by doing the 
NTLM authentication ITSELF! i.e. the browser doesn't see the challenge and doesn't send the 
response. 

Indeed, this there is a configuration option in Burp to do just so (in the "comms" tab, 
there's a section called "do www authentication", one of the pulldown options for type is 
"NTLM").

What is more interesting is that even without fixing the NTLM credentials, the browser works with NTLM authentication. 

Interesting. Perhaps you have the "prompt for credentials on authentication failure" option 
turned on by any chance (I think by default it's off, but perhaps you toyed with it?). In 
such case, Burp (not IE) will pop-up an authentication window asking for the details at 
runtime (or should I say "browse-time").

-Amit