Bad Windows Auth handling

Brought to you by: dansut

#271 Bad Windows Auth handling

Milestone: Design

Status: open

Owner: nobody

Labels: HTTP Capture (42)

Priority: 5

Updated: 2013-02-14

Created: 2003-04-30

Creator: Jerome Delamarche

Private: No

The script generated by the Modeler when the session
requires a login/password cannot be replayed
successfully.

The Server first challenges for a "Basic" authentification,
then it turns this auth. into a NTLM auth.

The generated script includes statements such as:

BUILD AUTHENTICATION BLOB &
FOR BASIC &
FROM USER "admin" PASSWORD "" DOMAIN "" &
INTO blob_2_1

and further:

Load Response_Info Header on 3 &
Into blob_3_0 &
,WITH "WWW-Authenticate"

BUILD AUTHENTICATION BLOB &
FOR NTLM &
FROM BLOB blob_3_0 &
INTO blob_3_0

But requests are all denied by the Web server.
IIS server just require a valid user for itself, it does not
belong to a Windows Domain.

Discussion

Jerome Delamarche - 2003-04-30

Sample of non working script

BEADEV-ASP1.HTP

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Brian Collins - 2005-06-23

Logged In: YES
user_id=1214182

Also note that the space declared for NTLM blobs is 256
CHARACTERS, but HTTP www-authenticate responses have
been seen larger than this. I manually edit the generated
declarations to 512 CHARACTERs to get it to work (mostly).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

samuel greene - 2008-08-20

Logged In: YES
user_id=2187702
Originator: NO

I would love to see this fixed. I know us windows folks aren't supposed to use open source products though...

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.