mOses, On Tue, Jun 30, 2009 at 12:34 PM, mOses<trklis...@networksamurai.org> wrote: > Andres, > > On Jun 30, 2009, at 7:57 AM, Andres Riancho wrote: > >> mOses, >> >> On Tue, Jun 30, 2009 at 12:11 AM, mOses<trklis...@networksamurai.org> >> wrote: >>> >>> Andres, >>> >>> There are no such things as stupid questions. So I'll just put this out >>> there. I am seeing in the options map where I can apply a 'save' in order >>> to >>> safe the NTLM Authentication settings. This is *NOT* in the >>> urlOpenSettings.py file I sent you ealier today, this is something I am >>> now >>> working on. >>> >>> What I get when I try and save the username (or password) is the >>> following: >>> >>> File "C:\Program Files\w3af\core\data\url\urlOpenerSettings.py", line >>> 477, >>> in >>> setOptions >>> self.setNtlmAuth( optionsMap['ntlmAuthUser'].getValue(), >>> optionsMap['ntlmAu >>> thPass'].getValue() ) >>> TypeError: setNtlmAuth() takes exactly 4 arguments (3 given) >> >> For what I can see, you're missing a parameter. >> I think that setNtlmAuth should take user, pass, url; and you're only >> sending user and pass. >> > > Yes I corrected it now. NTLM Authentication doesn't 'require' that the URL > be set within the file really. By that I mean that BASIC authentication > requires that the format be <proto>:\\<username>:<password>@url however NTLM > authentication is passed with a regular url and the authentication is called > after the fact. So the new definition removes the requirement for url > >>>> def setNtlmAuth(None, user, password) > > However the error I am getting now is: > > NameError: global name 'HTTPNtlmAuthHandler' is not defined > > Now this strikes me as odd because the new import being: > >>>> import extlib.ntlm.HTTPNtlmAuthHandler > > and the HTTPNtlmAuthHandler.py file has a class that follows: > >>>> class HTTPNtlmAuthHandler(AbstractNtlmAuthHandler, urllib2.BaseHandler): > > I am not sure why this is happening. I am going to include a patch and diff > file so that everyone can also see what s going on.
Yes, sorry... this was my bad. When I modified the import I left this: import core.data.url.handlers.HTTPNtlmAuthHandler Which should have been: import core.data.url.handlers.HTTPNtlmAuthHandler as HTTPNtlmAuthHandler > > > > By the way, the way I did the diff was: diff <newfile> <oldfile> >> diffifle > > Is that the right way or is it the other way arround? Patches should be performed against THE LATEST VERSION of the file, which is in the trunk. Please contact me at the w3af IRC channel for more directions :) Cheers, > Moses > >>> Now basically I know that under setNtlmAuth I have the following: >>> >>> self._password_mgr.add_password(None, url, username, password) >>> >>> Now when I looked at the code[0] on their site it just shows this >>> example: >>> >>> user = 'DOMAIN\User' >>> password = "Password" >>> url = "http://ntlmprotectedserver/securedfile.html"; >>> >>> Now the 'url' parameter w3af will pass into it I assume using the >>> self._ulib >>> parameter ( i think ). >> >> No, self._ulib is another thing. >> I think that you should take a look at the basicAuthDomain setting in >> urlOpenerSettings. The same idea should be used for NTLM >> authentication. >> >>> Any thoughts? >>> >>> M >>> >>> [0] http://code.google.com/p/python-ntlm >>> >>> On Jun 21, 2009, at 10:24 PM, Andres Riancho wrote: >>> >>> >>> >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Andrés Riancho >>>> Founder, Bonsai - Information Security >>>> http://www.bonsai-sec.com/ >>>> http://w3af.sf.net/ >>> >>> >> >> >> >> -- >> Andrés Riancho >> Founder, Bonsai - Information Security >> http://www.bonsai-sec.com/ >> http://w3af.sf.net/ > > > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
