Authoxy users,

With more and more people using Authoxy in an NTLM environment, the configuration permutations are huge. Supporting every instance is close to impossible, so to streamline the process I've written a simple command line tool, called NTLMMessageDecoder, that takes an NTLM HTTP header and deciphers it into a plain text description. These NTLM HTTP headers appear in the Proxy-Authorization header during the establishment of an NTLM session. They generally look something like this:


GET http://www.hrsoftworks.net/ HTTP/1.1
Accept-Language: en
Connection: keep-alive
Proxy-Connection: keep-alive
Proxy-Authorization: NTLM TVlMTVMNMTUACBABBAB4IIAAAAAAAAAAAAAA=

The "TVlMTVMNMTUACBABBAB4IIAAAAAAAAAAAAAA=" part (which I've made up and is not valid) is the encoded version of the NTLM message. This is the part that can be fed into NTLMMessageDecoder to produce something like:

Type 1
NTLM Flag: Negotiate Unicode
NTLM Flag: Negotiate OEM
NTLM Flag: Request Target
NTLM Flag: Negotiate NTLM
NTLM Flag: Negotiate Always Sign
NTLM Flag: Negotiate NTLM2 Key
Domain: MYDOMAIN
Host: MYHOST

This information is critical to understanding the NTLM process. I've posted the tool at <http://heath.hrsoftworks.net/archives/000217.html> if anyone wishes to do their own investigation. Of course, having the tool available also improves the chances I'll be able to decipher your connection problems in the future too.

Heath
--
 ________________________________________________________
|   Heath Raftery           <[EMAIL PROTECTED]>      |
|   HRSoftWorks             <http://www.hrsoftworks.net> |
|                                                        |
|   *If I were two-faced, would I be wearing this one?*  |
|                                        _\|/_           |
|_______________________________________m(. .)m__________|

Reply via email to