WebApp Sec: Re: NTLM and man-in-the-middle proxies not working

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: NTLM and man-in-the-middle proxies not working

From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Tue, 04 Oct 2005 16:39:44 +0200

On 3 Oct 2005 at 19:32, raymond_b_jimenez () yahoo com wrote:

From the tests I've done last week, I can confirm that Burp Proxy effectively deals with the NTLM authentication 
problem.

From what I understand from Ofer Maor's submission

(http://www.securityfocus.com/archive/107/411767/30/0/threaded), Burp does so by doing the 
NTLM authentication ITSELF! i.e. the browser doesn't see the challenge and doesn't send the 
response. 

Indeed, this there is a configuration option in Burp to do just so (in the "comms" tab, 
there's a section called "do www authentication", one of the pulldown options for type is 
"NTLM").

What is more interesting is that even without fixing the NTLM credentials, the browser works with NTLM authentication. 

Interesting. Perhaps you have the "prompt for credentials on authentication failure" option 
turned on by any chance (I think by default it's off, but perhaps you toyed with it?). In 
such case, Burp (not IE) will pop-up an authentication window asking for the details at 
runtime (or should I say "browse-time").

-Amit

By Date By Thread

Current thread:

Re: NTLM and man-in-the-middle proxies not working raymond_b_jimenez (Oct 03)
- Re: NTLM and man-in-the-middle proxies not working Amit Klein (AKsecurity) (Oct 04)