> Hi, > > I read your blog post, interesting stuff. The strings the client sends > seem to be base64 encoded and the first part on both messages look like > this (in nano/vi): > > NTLMSSP > > It's followed by this, which is apparently the message type hex string: > > ^@^A^@^@^@ > > After this they differ noticeably. I'd guess they are just sending > different NTLM flags: > > > > Can somebody more fluent in NTLM protocol decipher these two messages? > > -- > Samuli Sepp?nen > Community Manager > OpenVPN Technologies, Inc > > irc freenode net: mattock > Firefox uses the following flags: #define NTLM_TYPE1_FLAGS \ (NTLM_NegotiateUnicode | \ NTLM_NegotiateOEM | \ NTLM_RequestTarget | \ NTLM_NegotiateNTLMKey | \ NTLM_NegotiateAlwaysSign | \ NTLM_NegotiateNTLM2Key)
take a look here for more informations: http://hg.mozilla.org/releases/mozilla-1.9.2/file/d1c0b2c4ac7a/security/manager/ssl/src/nsNTLMAuthModule.cppI hope that's may helps. vittorio
