Just performed some additional testing and am unable to get NTLMv2 to work with w3af. Tried a couple of different sites and was unable to authenticate to the site to complete the testing via w3af. Thanks for the help
From: Andres Riancho [mailto:andres.rian...@gmail.com]
Sent: Tuesday, March 26, 2013 7:24 AM
To: Nathaniel Cole
Cc: w3af-users@lists.sourceforge.net
Subject: Re: [W3af-users] NTLMv2 Authentication

Nathaniel,

On Mon, Mar 25, 2013 at 6:15 PM, Nathaniel Cole <nac...@jackhenry.com> wrote:

> I have reviewed the manual, looked through postings and am having some issues with setting up Auth credentials for an internal site that utilizes NTLMv2. I'm currently setting all the correct credentials in the HTTP Config under NTLM but wasn't sure if this would work for NTLMv2. Does anyone know how I would go about doing this?

For what I can see in our tests [0] and source code [1], it seems that we only support ntlm_v1, BUT I'm not 100% sure about this. What I can tell you is that we support ntlmv1, and that it's tested and works. Regarding ntlm v2, the library we use for supporting this is python-ntlm [2] which might be the place to look for support.

I would recommend you test w3af against a v2 site, if it works you let us know and we'll be happy to document it :) If it doesn't work, we'll also document that by adding a github issue.

[0] https://github.com/andresriancho/w3af/blob/threading2/core/data/url/tests/test_xurllib_integration.py
[1] https://github.com/andresriancho/w3af/blob/threading2/core/data/url/handlers/ntlm_auth.py
[2] https://code.google.com/p/python-ntlm/

> Nathaniel Cole | Information Security Engineer | Jack Henry & Associates
> 10910 W. 87th Street | Lenexa, KS 66214
> Voice: 913.341.3434 | E-mail: nac...@jackhenry.com

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users