RE: NTLM and man-in-the-middle proxies not working

[raymond_b_jimenez () yahoo com]

Checked again my demo environment:

Client:
        IE latest patches
        XP SP1 latest patches
        Client belongs to W2K domain on Server
        Odysseus about: Version 2.0 (Build 71) (almost sure it's 2.0B10)
Server
        W2K latest patches
        IIS 5 latest patches
        IIS only accepts IWA

Client and server are on same subnet. IWA through proxy confirmed by Odysseus, Ethereal and page visualization on IIS.

The scenario you're referring is the one I'm experiencing on the customer :-(

rj

-----Original Message-----
From: Amit Klein (AKsecurity) [mailto:aksecurity () hotpop com] 
Sent: Friday, September 16, 2005 15:52
To: webappsec () securityfocus com; raymond_b_jimenez () yahoo com
Subject: Re: NTLM and man-in-the-middle proxies not working

On 15 Sep 2005 at 15:42, raymond_b_jimenez () yahoo com wrote:

> Most interesting is the fact that IE passes IWA credentials over a proxy. I had put in a demo environment, and I did 
> sucessfully manage to use IE/IWA through a proxy (in this case Odysseus). Just in case, I tested it again and it does 
> pass IWA through proxy.

Weird. I double checked (this time I used Odysseus, 2.0B10), but no good, my IE
(6.0.3790.0) doesn't even ask me for the NTLM credentials when it's configured with a forward proxy. What's your IE 
version? Can other people check this please?