Re: [twsocket] How secure is the NTLM authentication?
On 06-May-05 08:54:32 Marcello Vezzelli wrote: >Maurizio Lotauro wrote: >> Hello, >> >> I made some authentication test with the THttpCli component. I use >> Ethereal to see what the component send and receive. With my big >> surprise, when the component made an authentication using NTLM, >> Ethereal show me the credential as clear text!!! >> At this point the question is: the NTLM is "secure" as Basic? >There is something wrong in your test. Not in my test but in my eyes. WHat will be showed are user and host name :-) Sorry for "false" allarm... [...] >> P.S. A little question to the Ethereal users. Someone know if it is >> possible to monitoring the local tcp traffic? >You mean loopback capture on local interfaces? Exactly. >I think this is not possibile due to a limitation of Windows IP stack. :-( Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] How secure is the NTLM authentication?
AFAIK, Win 98 and ME can use plaintext authentication when the server is configurated to allow plaintext auth. Later Win versions forbid plaintext auth by default (there is some registry value you have to change if you want to enable plaintext authentication). Benjamin Marcello Vezzelli wrote: > Maurizio Lotauro wrote: > > > Hello, > > > > I made some authentication test with the THttpCli component. I use > > Ethereal to see what the component send and receive. With my big > > surprise, when the component made an authentication using NTLM, > > Ethereal show me the credential as clear text!!! > > At this point the question is: the NTLM is "secure" as Basic? > > There is something wrong in your test. > Give a look at this trace. I'm accessing google via ISA proxy with NTLM > auth using Firefox browser. > > GET http://www.google.it/ HTTP/1.1 > Host: www.google.it > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) > Gecko/20050318 Firefox/1.0.2 > Accept: > text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q= 0.8,image/png,*/*;q=0.5 > Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 300 > Proxy-Connection: keep-alive > Cookie: > PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2E b > > HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires > authorization to fulfill the request. Access to the Web Proxy service is > denied. ) > Via: 1.1 ISATEST > Proxy-Authenticate: Negotiate > Proxy-Authenticate: Kerberos > Proxy-Authenticate: NTLM > Proxy-Authenticate: Digest > qop="auth",algorithm=MD5-sess,nonce="a06234931252c501489c22b28ec04ccd70b8681 14600b40fe903b4674aff5653a72e0ac7b8d83e8a",opaque="f2dfc1e7794d3937edfd69ad4 07eca4e",charset=utf-8,realm="E-WORKS" > > Proxy-Authenticate: Basic realm="isatest." > Connection: Keep-Alive > Proxy-Connection: Keep-Alive > Pragma: no-cache > Cache-Control: no-cache > Content-Type: text/html > Content-Length: 4090 > > > [..] > > > GET http://www.google.it/ HTTP/1.1 > Host: www.google.it > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) > Gecko/20050318 Firefox/1.0.2 > Accept: > text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q= 0.8,image/png,*/*;q=0.5 > Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 300 > Proxy-Connection: keep-alive > Cookie: > PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2E b > Proxy-Authorization: NTLM > TlRMTVNDUAABB7IIoAcABwDkBAAEACBWRVpaRS1XT1JLUw== > > HTTP/1.1 407 Proxy Authentication Required ( Access is denied. ) > Via: 1.1 ISATEST > Proxy-Authenticate: NTLM > TlRMTVNTUAACDgAOADgFgomiodYVvVBRS94AADoAOgBGBQLODgA9 FAC0AVwBPAFIASwSTAAIADgBFAC0AVwBPAFIAAwBTAAEADgBJAFMAQQBUAEUAUwBUAAMADgBpAHM AYQB0AGUAcwB0AAA= > > Connection: Keep-Alive > Proxy-Connection: Keep-Alive > Pragma: no-cache > Cache-Control: no-cache > Content-Type: text/html > Content-Length: 0 > > GET http://www.google.it/ HTTP/1.1 > Host: www.google.it > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) > Gecko/20050318 Firefox/1.0.2 > Accept: > text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q= 0.8,image/png,*/*;q=0.5 > Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 300 > Proxy-Connection: keep-alive > Cookie: > PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2E b > Proxy-Authorization: NTLM > TlRMTVNTUAADGAAYAGYYABgAfg4ADgBAEAAQAE4IAAgAXgCW BYKIoEUALQBXAE8AUgBWAFMATQBhAAIAYwBlAGwAbABvAFYARQBaAFoALwtv7CEX+D8A xtB3ZA6A2cblXkuvt/w6NB4WhDBm9wV8 > > HTTP/1.1 200 OK > Via: 1.1 ISATEST > Connection: Keep-Alive > Proxy-Connection: Keep-Alive > Transfer-Encoding: chunked > Date: Fri, 06 May 2005 07:49:12 GMT > Content-Type: text/html > Server: GWS/2.1 > Cache-Control: private > > a22 > Google
Re: [twsocket] How secure is the NTLM authentication?
Maurizio Lotauro wrote: Hello, I made some authentication test with the THttpCli component. I use Ethereal to see what the component send and receive. With my big surprise, when the component made an authentication using NTLM, Ethereal show me the credential as clear text!!! At this point the question is: the NTLM is "secure" as Basic? There is something wrong in your test. Give a look at this trace. I'm accessing google via ISA proxy with NTLM auth using Firefox browser. GET http://www.google.it/ HTTP/1.1 Host: www.google.it User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Cookie: PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2Eb HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. ) Via: 1.1 ISATEST Proxy-Authenticate: Negotiate Proxy-Authenticate: Kerberos Proxy-Authenticate: NTLM Proxy-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="a06234931252c501489c22b28ec04ccd70b868114600b40fe903b4674aff5653a72e0ac7b8d83e8a",opaque="f2dfc1e7794d3937edfd69ad407eca4e",charset=utf-8,realm="E-WORKS" Proxy-Authenticate: Basic realm="isatest." Connection: Keep-Alive Proxy-Connection: Keep-Alive Pragma: no-cache Cache-Control: no-cache Content-Type: text/html Content-Length: 4090 [..] GET http://www.google.it/ HTTP/1.1 Host: www.google.it User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Cookie: PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2Eb Proxy-Authorization: NTLM TlRMTVNDUAABB7IIoAcABwDkBAAEACBWRVpaRS1XT1JLUw== HTTP/1.1 407 Proxy Authentication Required ( Access is denied. ) Via: 1.1 ISATEST Proxy-Authenticate: NTLM TlRMTVNTUAACDgAOADgFgomiodYVvVBRS94AADoAOgBGBQLODgA9FAC0AVwBPAFIASwSTAAIADgBFAC0AVwBPAFIAAwBTAAEADgBJAFMAQQBUAEUAUwBUAAMADgBpAHMAYQB0AGUAcwB0AAA= Connection: Keep-Alive Proxy-Connection: Keep-Alive Pragma: no-cache Cache-Control: no-cache Content-Type: text/html Content-Length: 0 GET http://www.google.it/ HTTP/1.1 Host: www.google.it User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Cookie: PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2Eb Proxy-Authorization: NTLM TlRMTVNTUAADGAAYAGYYABgAfg4ADgBAEAAQAE4IAAgAXgCWBYKIoEUALQBXAE8AUgBWAFMATQBhAAIAYwBlAGwAbABvAFYARQBaAFoALwtv7CEX+D8AxtB3ZA6A2cblXkuvt/w6NB4WhDBm9wV8 HTTP/1.1 200 OK Via: 1.1 ISATEST Connection: Keep-Alive Proxy-Connection: Keep-Alive Transfer-Encoding: chunked Date: Fri, 06 May 2005 07:49:12 GMT Content-Type: text/html Server: GWS/2.1 Cache-Control: private a22 Google
[twsocket] How secure is the NTLM authentication?
Hello, I made some authentication test with the THttpCli component. I use Ethereal to see what the component send and receive. With my big surprise, when the component made an authentication using NTLM, Ethereal show me the credential as clear text!!! At this point the question is: the NTLM is "secure" as Basic? Bye, Maurizio. P.S. A little question to the Ethereal users. Someone know if it is possible to monitoring the local tcp traffic? -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be