WebApp Sec mailing list archives
Re: NTLM and man-in-the-middle proxies not working
From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Wed, 21 Sep 2005 00:48:11 +0200
On 20 Sep 2005 at 13:45, Michael Eddington wrote:
> That isn't 100% true. Because NTLM authenticates a TCP connection, not a web request, a proxy must specifically support NTLM authentication proxying or bad-things might happen. To show IE that this is supported the proxy must set the following header if WWW-Authenticate header exists:
>
> Proxy-Support: Session-Based-Authentication
>
> this isn't well documented which is why most MITM proxies didn't support NTLM for a long-ass time.
You're right. This header does take care of things - if IE sees this header, it does proceed with NTLM authentication. But the few proxy servers I played with simply don't use this header (as you mentioned above). Anyway - I should have mentioned this point in my earlier submissions, thanks for the correction.

Of course, this only pertains to forward proxies. Reverse/transparent proxies will not be visible to IE, and so it will happily engage in NTLM authentication, with interesting consequences.

As for "well documented" - the whole NTLM authentication scheme has no official documentation (AFAIK), so it's no surprise this header isn't widely known.
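Added example, not part of the original post or of any proxy's own code: a sketch of the response-header step a forward proxy would need for the behaviour discussed above. It adds `Proxy-Support: Session-Based-Authentication` when the origin sends a `WWW-Authenticate` header, and reports whether the client connection should stay bound to one upstream connection. The function names, the sample responses and the choice of NTLM and Negotiate as the per-connection schemes are assumptions.

```python
# Assumption: schemes this sketch treats as authenticating the TCP connection.
CONNECTION_BOUND_SCHEMES = {"ntlm", "negotiate"}

# Constructed sample responses (not captured traffic).
SAMPLE_401 = (b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\n"
              b"WWW-Authenticate: NTLM\r\nContent-Length: 0\r\n\r\n")
SAMPLE_200 = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"


def parse_headers(raw: bytes):
    """Split a raw HTTP response head into (status_line, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def relay_response_headers(raw: bytes):
    """Return (head_bytes_for_client, pin_connection) for a relayed response."""
    status, headers = parse_headers(raw)
    challenges = [v for n, v in headers if n.lower() == "www-authenticate"]
    already_marked = any(
        n.lower() == "proxy-support" and "session-based-authentication" in v.lower()
        for n, v in headers
    )
    # As described in the thread: announce support whenever a challenge exists.
    if challenges and not already_marked:
        headers.append(("Proxy-Support", "Session-Based-Authentication"))
    # The first token of each challenge value is the scheme name.
    schemes = {c.split(None, 1)[0].lower() for c in challenges if c}
    # A connection-bound scheme means this client socket must keep using the
    # same upstream socket; sharing it would mix authenticated sessions.
    pin_connection = bool(schemes & CONNECTION_BOUND_SCHEMES)
    out = [status] + [f"{n}: {v}" for n, v in headers]
    return ("\r\n".join(out) + "\r\n\r\n").encode("iso-8859-1"), pin_connection


if __name__ == "__main__":
    head, pin = relay_response_headers(SAMPLE_401)
    print(head.decode("iso-8859-1"), "pin upstream connection:", pin)
```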