Maurizio Lotauro wrote:
Hello,
I made some authentication test with the THttpCli component. I use
Ethereal to see what the component send and receive. With my big
surprise, when the component made an authentication using NTLM,
Ethereal show me the credential as clear text!!!
At this point the question is: the NTLM is secure as Basic?
There is something wrong in your test.
Give a look at this trace. I'm accessing google via ISA proxy with NTLM
auth using Firefox browser.
GET http://www.google.it/ HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6)
Gecko/20050318 Firefox/1.0.2
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie:
PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2Eb
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service is
denied. )
Via: 1.1 ISATEST
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Proxy-Authenticate: Digest
qop=auth,algorithm=MD5-sess,nonce=a06234931252c501489c22b28ec04ccd70b868114600b40fe903b4674aff5653a72e0ac7b8d83e8a,opaque=f2dfc1e7794d3937edfd69ad407eca4e,charset=utf-8,realm=E-WORKS
Proxy-Authenticate: Basic realm=isatest.
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 4090
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
[..]
/HTML
GET http://www.google.it/ HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6)
Gecko/20050318 Firefox/1.0.2
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie:
PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2Eb
Proxy-Authorization: NTLM
TlRMTVNDUAABB7IIoAcABwDkBAAEACBWRVpaRS1XT1JLUw==
HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
Via: 1.1 ISATEST
Proxy-Authenticate: NTLM
TlRMTVNTUAACDgAOADgFgomiodYVvVBRS94AADoAOgBGBQLODgA9FAC0AVwBPAFIASwSTAAIADgBFAC0AVwBPAFIAAwBTAAEADgBJAFMAQQBUAEUAUwBUAAMADgBpAHMAYQB0AGUAcwB0AAA=
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 0
GET http://www.google.it/ HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6)
Gecko/20050318 Firefox/1.0.2
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie:
PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2Eb
Proxy-Authorization: NTLM
TlRMTVNTUAADGAAYAGYYABgAfg4ADgBAEAAQAE4IAAgAXgCWBYKIoEUALQBXAE8AUgBWAFMATQBhAAIAYwBlAGwAbABvAFYARQBaAFoALwtv7CEX+D8AxtB3ZA6A2cblXkuvt/w6NB4WhDBm9wV8
HTTP/1.1 200 OK
Via: 1.1 ISATEST
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Date: Fri, 06 May 2005 07:49:12 GMT
Content-Type: text/html
Server: GWS/2.1
Cache-Control: private
a22
htmlheadmeta http-equiv=content-type content=text/html;
charset=UTF-8titleGoogle/titlestyle!--
[..]
/html
0
P.S. A little question to the Ethereal users. Someone know if it is
possible to monitoring the local tcp traffic?
You mean loopback capture on local interfaces?
I think this is not possibile due to a limitation of Windows IP stack.
Regards
--
Marcello Vezzelli
CTO
Software Development Department
E-Works s.r.l.
tel. +39 059 2929081
fax +39 059 2925035
Direzionale 70 - Via Giardini 456/c
41100 Modena - Italy
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be