Maurizio Lotauro wrote:
Hello,
I made some authentication test with the THttpCli component. I use Ethereal to see what the component send and receive. With my big surprise, when the component made an authentication using NTLM, Ethereal show me the credential as clear text!!! At this point the question is: the NTLM is "secure" as Basic?
There is something wrong in your test.
Give a look at this trace. I'm accessing google via ISA proxy with NTLM auth using Firefox browser.
GET http://www.google.it/ HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) Gecko/20050318 Firefox/1.0.2
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2Eb
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. )
Via: 1.1 ISATEST
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Proxy-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="a06234931252c501489c22b28ec04ccd70b868114600b40fe903b4674aff5653a72e0ac7b8d83e8a",opaque="f2dfc1e7794d3937edfd69ad407eca4e",charset=utf-8,realm="E-WORKS"
Proxy-Authenticate: Basic realm="isatest."
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 4090
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> [..] </HTML>
GET http://www.google.it/ HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) Gecko/20050318 Firefox/1.0.2
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2Eb
Proxy-Authorization: NTLM TlRMTVNDUAABAAAAB7IIoAcABwDkAAAABAAEACAAAABWRVpaRS1XT1JLUw==
HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
Via: 1.1 ISATEST
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAADgAOADgAAAAFgomiodYVvVBRS94AAAAAAAAAADoAOgBGAAAABQLODgAAAAA9FAC0AVwBPAFIASwSTAAIADgBFAC0AVwBPAFIAAwBTAAEADgBJAFMAQQBUAEUAUwBUAAMADgBpAHMAYQB0AGUAcwB0AAAAAAA=
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 0
GET http://www.google.it/ HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) Gecko/20050318 Firefox/1.0.2
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: PREF=ID=14b8e3b92271573e:LD=it:TM=1101140627:LM=1101140629:S=n9UsGUmI-I7Ub2Eb
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGYAAAAYABgAfgAAAA4ADgBAAAAAEAAQAE4AAAAIAAgAXgAAAAAAAACWAAAABYKIoEUALQBXAE8AUgBWAFMATQBhAAIAYwBlAGwAbABvAFYARQBaAFoALwtv7CEX+D8AAAAAAAAAAAAAAAAAAAAAxtB3ZA6A2cblXkuvt/w6NB4WhDBm9wV8
HTTP/1.1 200 OK Via: 1.1 ISATEST Connection: Keep-Alive Proxy-Connection: Keep-Alive Transfer-Encoding: chunked Date: Fri, 06 May 2005 07:49:12 GMT Content-Type: text/html Server: GWS/2.1 Cache-Control: private
a22
<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google</title><style><!--
[..]
</html>
0
P.S. A little question to the Ethereal users. Someone know if it is possible to monitoring the local tcp traffic?
You mean loopback capture on local interfaces? I think this is not possibile due to a limitation of Windows IP stack.
Regards -- Marcello Vezzelli CTO Software Development Department E-Works s.r.l. tel. +39 059 2929081 fax +39 059 2925035 Direzionale 70 - Via Giardini 456/c 41100 Modena - Italy
-- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
