Nathaniel, On Mon, Mar 25, 2013 at 6:15 PM, Nathaniel Cole <[email protected]>wrote:
> I have reviewed the manual, looked through postings and am having some > issues with setting up Auth credentials for an internal site that utilizes > NTLMv2. I’m currently setting all the correct credentials in the HTTP > Config under NTLM but wasn’t sure if this would work for NTLMv2. Does > anyone know how I would go about doing this? > For what I can see in our tests [0] and source code [1], it seems that we only support ntlm_v1 , BUT I'm not 100% sure about this. What I can tell you is that we support ntlmv1, and that it's tested and works. Regarding ntlm v2, the library we use for supporting this is python-ntlm [2] which might be the place to look for support. I would recommend you test w3af against a v2 site, if it works you let us know and we'll be happy to document it :) If it doesn't work, we'll also document that by adding a github issue. [0] https://github.com/andresriancho/w3af/blob/threading2/core/data/url/tests/test_xurllib_integration.py [1] https://github.com/andresriancho/w3af/blob/threading2/core/data/url/handlers/ntlm_auth.py [2] https://code.google.com/p/python-ntlm/ > **** > > ** ** > > *Nathaniel Cole | Information Security Engineer | Jack Henry & Associates* > 10910 W. 87th Street | Lenexa, KS 66214 > Voice: 913.341.3434 | E-mail: [email protected]**** > > [image: Description: Description: Description: > cid:[email protected]]**** > > ** ** > > NOTICE: This electronic mail message and any files transmitted with it are > intended > exclusively for the individual or entity to which it is addressed. The > message, > together with any attachment, may contain confidential and/or privileged > information. > Any unauthorized review, use, printing, saving, copying, disclosure or > distribution > is strictly prohibited. If you have received this message in error, please > immediately advise the sender by reply email and delete all copies. > > > ------------------------------------------------------------------------------ > Own the Future-Intel® Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. > Compete for recognition, cash, and the chance to get your game > on Steam. $5K grand prize plus 10 genre and skill prizes. > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3
<<image001.jpg>>
------------------------------------------------------------------------------ Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
