Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
NTLMAps, Paros, Burp Breaking during NTLM authentication
Posted by: zatoichi
Date: March 04, 2010 11:47PM

Hi,

The HTTP header sent in response to an HTTP request is:

HTTP/1.1 401 Unauthorized
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Www-Authenticate: Negotiate
Date: Thu, 04 Mar 2010 08:42:08 GMT

NTLMAPS is generating this debug info:

*** Server 'Content-Length' found to be 0.
*** Authentication routine started.
*** Got Error 401 - "WWW authentication required".
*** Authentication methods allowed: Negotiate
*** Sent 483 bytes and have to roll back POST/PUT data transfer. (Client's buffer - 0 bytes)
Rollback Done. (Client's buffer - 483 bytes)
*** There are no supported authentication methods in the Web Server response.
*** Passing 401 to client.
*** Authentication routine finished.
*** Sending remote server response header to client...Done.
*** Sent 483 bytes to remote server. (all - 1)
*** Sent ALL the data from client to remote server. (Client buffer - 0 bytes)
*** Resetting client status...Done. (Client buffer - 0 bytes)
*** Resetting remote server status...Done. (Server buffer - 0 bytes)
*** Request completed.
*** Got remote server response header.
*** Remote server header:
=====
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 04 Mar 2010 08:42:08 GMT
Connection: close
Content-Length: 326

*** Exception getting http code from client_head_obj -- remote end closed connection??

Burp is also breaking because of this request?

I am guessing that since the tag Www-Authenticate: NTLM is missing, the tool is not able to identify the authentication mechanism.

Is this assumption correct? Can anybody please help me in solving the problem?

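Added example, not part of the original post: a Python check that lists the schemes a 401 response offers in its WWW-Authenticate headers and compares them with what an intercepting proxy can answer itself. The supported-scheme set and the second sample response are assumptions constructed for illustration, not taken from NTLMAPS, Paros or Burp.

```python
import re

# Assumption: schemes the intercepting proxy can answer on its own
# (illustrative set, not read from the NTLMAPS, Paros or Burp source).
PROXY_SUPPORTED = {"ntlm", "basic"}

# Response header as quoted in the post.
POSTED_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Length: 0\r\n"
    "Server: Microsoft-HTTPAPI/2.0\r\n"
    "Www-Authenticate: Negotiate\r\n"
    "Date: Thu, 04 Mar 2010 08:42:08 GMT\r\n\r\n"
)
# Constructed comparison: a server that offers NTLM next to Negotiate.
CONSTRUCTED_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    'WWW-Authenticate: Digest realm="a, b", nonce="x", NTLM\r\n\r\n'
)
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
# A challenge starts with a scheme token; "name=value" pieces are parameters.
SCHEME = re.compile(r"^([A-Za-z][\w-]*)(?:\s+(?!=)|$)")

def offered_schemes(raw_head):
    """Lower-cased schemes from every WWW-Authenticate header, in order."""
    schemes = []
    for line in raw_head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "www-authenticate":
            continue
        # Blank out quoted strings so commas inside them do not split challenges.
        for piece in QUOTED.sub('""', value).split(","):
            match = SCHEME.match(piece.strip())
            if match:
                schemes.append(match.group(1).lower())
    return schemes

def diagnose(raw_head, supported=PROXY_SUPPORTED):
    """Report which offered schemes the proxy could handle for a 401."""
    status = raw_head.split("\r\n", 1)[0].split(" ", 2)[1]
    offered = offered_schemes(raw_head)
    usable = [s for s in offered if s in supported]
    action = "authenticate" if status == "401" and usable else "pass-through"
    return {"status": status, "offered": offered, "usable": usable, "action": action}

if __name__ == "__main__":
    for head in (POSTED_401, CONSTRUCTED_401):
        print(diagnose(head))
```

For the posted response the usable list is empty, which corresponds to the "Passing 401 to client" line in the debug output.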