AFAIK, Win 98 and ME can use plaintext authentication when the server is
configurated to allow plaintext auth. Later Win versions forbid plaintext
auth by default (there is some registry value you have to change if you want
to enable plaintext authentication).


Benjamin


Marcello Vezzelli wrote:

> Maurizio Lotauro wrote:
>
> > Hello,
> >
> > I made some authentication test with the THttpCli component. I use
> > Ethereal to see what the component send and receive. With my big
> > surprise, when the component made an authentication using NTLM,
> > Ethereal show me the credential as clear text!!!
> > At this point the question is: the NTLM is "secure" as Basic?
>
> There is something wrong in your test.
> Give a look at this trace. I'm accessing google via ISA proxy with NTLM
> auth using Firefox browser.
>
> GET http://www.google.it/ HTTP/1.1
> Host: www.google.it
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6)
> Gecko/20050318 Firefox/1.0.2
> Accept:
>
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
> Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Proxy-Connection: keep-alive
> Cookie:
>
PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2E
b
>
> HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
> authorization to fulfill the request. Access to the Web Proxy service is
> denied.  )
> Via: 1.1 ISATEST
> Proxy-Authenticate: Negotiate
> Proxy-Authenticate: Kerberos
> Proxy-Authenticate: NTLM
> Proxy-Authenticate: Digest
>
qop="auth",algorithm=MD5-sess,nonce="a06234931252c501489c22b28ec04ccd70b8681
14600b40fe903b4674aff5653a72e0ac7b8d83e8a",opaque="f2dfc1e7794d3937edfd69ad4
07eca4e",charset=utf-8,realm="E-WORKS"
>
> Proxy-Authenticate: Basic realm="isatest."
> Connection: Keep-Alive
> Proxy-Connection: Keep-Alive
> Pragma: no-cache
> Cache-Control: no-cache
> Content-Type: text/html
> Content-Length: 4090
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> [..]
> </HTML>
>
> GET http://www.google.it/ HTTP/1.1
> Host: www.google.it
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6)
> Gecko/20050318 Firefox/1.0.2
> Accept:
>
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
> Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Proxy-Connection: keep-alive
> Cookie:
>
PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2E
b
> Proxy-Authorization: NTLM
> TlRMTVNDUAABAAAAB7IIoAcABwDkAAAABAAEACAAAABWRVpaRS1XT1JLUw==
>
> HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )
> Via: 1.1 ISATEST
> Proxy-Authenticate: NTLM
>
TlRMTVNTUAACAAAADgAOADgAAAAFgomiodYVvVBRS94AAAAAAAAAADoAOgBGAAAABQLODgAAAAA9
FAC0AVwBPAFIASwSTAAIADgBFAC0AVwBPAFIAAwBTAAEADgBJAFMAQQBUAEUAUwBUAAMADgBpAHM
AYQB0AGUAcwB0AAAAAAA=
>
> Connection: Keep-Alive
> Proxy-Connection: Keep-Alive
> Pragma: no-cache
> Cache-Control: no-cache
> Content-Type: text/html
> Content-Length: 0
>
> GET http://www.google.it/ HTTP/1.1
> Host: www.google.it
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6)
> Gecko/20050318 Firefox/1.0.2
> Accept:
>
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
> Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Proxy-Connection: keep-alive
> Cookie:
>
PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2E
b
> Proxy-Authorization: NTLM
>
TlRMTVNTUAADAAAAGAAYAGYAAAAYABgAfgAAAA4ADgBAAAAAEAAQAE4AAAAIAAgAXgAAAAAAAACW
AAAABYKIoEUALQBXAE8AUgBWAFMATQBhAAIAYwBlAGwAbABvAFYARQBaAFoALwtv7CEX+D8AAAAA
AAAAAAAAAAAAAAAAxtB3ZA6A2cblXkuvt/w6NB4WhDBm9wV8
>
> HTTP/1.1 200 OK
> Via: 1.1 ISATEST
> Connection: Keep-Alive
> Proxy-Connection: Keep-Alive
> Transfer-Encoding: chunked
> Date: Fri, 06 May 2005 07:49:12 GMT
> Content-Type: text/html
> Server: GWS/2.1
> Cache-Control: private
>
> a22
> <html><head><meta http-equiv="content-type" content="text/html;
> charset=UTF-8"><title>Google</title><style><!--
> [..]
> </html>
> 0
>
> > P.S. A little question to the Ethereal users. Someone know if it is
> > possible to monitoring the local tcp traffic?
>
> You mean loopback capture on local interfaces?
> I think this is not possibile due to a limitation of Windows IP stack.
>
> Regards
> -- 
> Marcello Vezzelli
> CTO
> Software Development Department
> E-Works s.r.l.
> tel. +39 059 2929081
> fax +39 059 2925035
> Direzionale 70 - Via Giardini 456/c
> 41100 Modena - Italy
>
> -- 
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://www.elists.org/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be



-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to