HTTP HTTP POST POST callback HTTP proxy HTTP proxy NTLM auth NTLM # Server-side HTTP/1.1 401 Authorization Required Server: Apache/1.3.27 (Darwin) PHP/4.1.2 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Type: text/html; charset=iso-8859-1 Content-Length: 26 This is not the real page # this is returned first since we get no proxy-auth HTTP/1.1 401 Authorization Required WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAACGggEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== Content-Length: 34 Hey you, authenticate or go away! # This is supposed to be returned when the server gets the second # Authorization: NTLM line passed-in from the client HTTP/1.1 200 Things are fine Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 42 Contents of that page you requested, sir. # This is supposed to be returned when the server gets the second # request. HTTP/1.1 200 Things are fine Content-Type: yeah/maybe Content-Length: 42 Contents of that second request. Differn. HTTP/1.1 401 Authorization Required Server: Apache/1.3.27 (Darwin) PHP/4.1.2 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Type: text/html; charset=iso-8859-1 Content-Length: 26 HTTP/1.1 401 Authorization Required WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAACGggEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== Content-Length: 34 HTTP/1.1 200 Things are fine Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 42 Contents of that page you requested, sir. HTTP/1.1 200 Things are fine Content-Type: yeah/maybe Content-Length: 42 Contents of that second request. Differn. # Client-side http # tool to use lib%TESTNUMBER NTLM !SSPI HTTP with NTLM twice, verify CURLINFO_HTTPAUTH_USED http://%HOSTIP:%HTTPPORT/path/mine http://%HOSTIP:%HTTPPORT/path/%TESTNUMBER0010 # Verify data after the test has been "shot" GET /path/mine HTTP/1.1 Host: %HOSTIP:%HTTPPORT Accept: */* GET /path/mine HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= Accept: */* GET /path/mine HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAAAgACAHAAAAALAAsAcgAAAAAAAAAAAAAAhoIBAAQt1KW5CgG4YdWWcfXyfXBz1ZMCzYp37xYjBiAizmw58O6eQS7yR66eqYGWeSwl9W1lV09SS1NUQVRJT04= Accept: */* GET /path/6940010 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Accept: */*