WebApp Sec mailing list archives
RE: check authentication-methods
From: "Dennis Hurst" <dennis () hurstinc com>
Date: Sun, 15 Jun 2003 00:16:47 -0400
Thomas, You could just Telnet to the web server on port 80 and send a simple GET / request, then look at the headers that come back. Here an example of what comes back from IIS. Server: Microsoft-IIS/5.0 Date: Sun, 15 Jun 2003 04:15:03 GMT WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Length: 4431 Content-Type: text/html The WWW-Authenticate: NTLM header tells you it's asking for NTLM. If it's using basic it will have BASIC in the header. Here's how I did it At a command prompt type: telnet <your web server> 80 <press enter> You will get a blank screen, type GET / <press enter> You will get the headers dumped back to you. Hope this helps. Have a great day, Dennis Hurst dhurst () spidynamics com SPI Labs -----Original Message----- From: Thomas Springer [mailto:tuev () serveraudit net] Sent: Friday, June 13, 2003 7:00 AM To: webappsec () securityfocus com Subject: check authentication-methods Anybody knows a tool (prefferably win32) to check, wich 401-authentication-methods are supported by a webserver (i.e. basic, ntlm)? thomas springer tuev-sueddeutschland it-security Thomas Springer
Current thread:
- check authentication-methods Thomas Springer (Jun 13)
- RE: check authentication-methods Dennis Hurst (Jun 15)
- <Possible follow-ups>
- RE: check authentication-methods Joe - (Jun 17)
- RE: check authentication-methods Death Star (Jun 17)
- Re: check authentication-methods andric cheung (Jun 18)