Authoxy users,

With more and more people using Authoxy in an NTLM environment, the configuration permutations are huge. Supporting every instance is close to impossible, so to streamline the process I've written a simple command line tool, called NTLMMessageDecoder, that takes an NTLM HTTP header and deciphers it into a plain text description. These NTLM HTTP headers appear in the Proxy-Authorization header during the establishment of an NTLM session. They generally look something like this:

GET http://www.hrsoftworks.net/ HTTP/1.1
Accept-Language: en
Connection: keep-alive
Proxy-Connection: keep-alive
Proxy-Authorization: NTLM TVlMTVMNMTUACBABBAB4IIAAAAAAAAAAAAAA=

The "TVlMTVMNMTUACBABBAB4IIAAAAAAAAAAAAAA=" part (which I've made up and is not valid) is the encoded version of the NTLM message. This is the part that can be fed into NTLMMessageDecoder to produce something like:

Type 1
NTLM Flag: Negotiate Unicode
NTLM Flag: Negotiate OEM
NTLM Flag: Request Target
NTLM Flag: Negotiate NTLM
NTLM Flag: Negotiate Always Sign
NTLM Flag: Negotiate NTLM2 Key
Domain: MYDOMAIN
Host: MYHOST

This information is critical to understanding the NTLM process. I've posted the tool at <http://heath.hrsoftworks.net/archives/000217.html> if anyone wishes to do their own investigation. Of course, having the tool available also improves the chances I'll be able to decipher your connection problems in the future too.

Heath
--
 ________________________________________________________
|   Heath Raftery           <[EMAIL PROTECTED]>      |
|   HRSoftWorks             <http://www.hrsoftworks.net> |
|                                                        |
|   *If I were two-faced, would I be wearing this one?*  |
|                                        _\|/_           |
|_______________________________________m(. .)m__________|
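
The decoding described in the message above, as an added example: this is not NTLMMessageDecoder's code, only a sketch of the same idea for Type 1 messages using the commonly documented NTLMSSP layout (signature, type, flags, then domain and host security buffers). The function names and the MYDOMAIN/MYHOST sample message are constructed for illustration.

```python
import base64
import struct

NTLM_FLAGS = {
    0x00000001: "Negotiate Unicode",
    0x00000002: "Negotiate OEM",
    0x00000004: "Request Target",
    0x00000200: "Negotiate NTLM",
    0x00001000: "Negotiate Domain Supplied",
    0x00002000: "Negotiate Workstation Supplied",
    0x00008000: "Negotiate Always Sign",
    0x00080000: "Negotiate NTLM2 Key",
}

def _buffer(msg, pos):
    """Read a security buffer (length, allocated, offset) and return its bytes."""
    if len(msg) < pos + 8:
        return b""          # optional field omitted by the client
    length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def decode_type1(header_value):
    """Decode the value of a Proxy-Authorization header carrying a Type 1 message."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM authorization header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 16 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    msg_type, flags = struct.unpack_from("<II", msg, 8)
    if msg_type != 1:
        raise ValueError(f"expected Type 1, got Type {msg_type}")
    lines = ["Type 1"]
    lines += [f"NTLM Flag: {name}" for bit, name in NTLM_FLAGS.items() if flags & bit]
    domain, host = _buffer(msg, 16), _buffer(msg, 24)   # OEM (ASCII) strings in Type 1
    if domain:
        lines.append("Domain: " + domain.decode("ascii", "replace"))
    if host:
        lines.append("Host: " + host.decode("ascii", "replace"))
    return lines

def build_sample():
    """Constructed Type 1 message for MYDOMAIN / MYHOST (not captured traffic)."""
    host, domain, flags = b"MYHOST", b"MYDOMAIN", 0x0008B207
    head = struct.pack("<8sIIHHIHHI", b"NTLMSSP\x00", 1, flags,
                       len(domain), len(domain), 32 + len(host),
                       len(host), len(host), 32)
    return "NTLM " + base64.b64encode(head + host + domain).decode()
```

Calling decode_type1(build_sample()) returns the description as a list of lines; the made-up header value quoted in the message is rejected with a ValueError because it does not carry the NTLMSSP signature.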
