HTTP HTTP GET HTTP proxy HTTP proxy NTLM auth NTLM # Server-side # This is supposed to be returned when the server gets a first # Authorization: NTLM line passed-in from the client HTTP/1.1 407 Now gimme that second request of crap Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 34 Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAACGggEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== This is not the real page either! # This is supposed to be returned when the server gets the second # Authorization: NTLM line passed-in from the client HTTP/1.1 200 Things are fine in server land swsclose Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 32 Finally, this is the real page! HTTP/1.1 407 Now gimme that second request of crap Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 34 Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAACGggEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== HTTP/1.1 200 Things are fine in server land swsclose Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 32 Finally, this is the real page! # Client-side NTLM SSL !SSPI proxy http HTTP with proxy using NTLM authorization http://%HOSTIP:%HTTPPORT/%TESTNUMBER --proxy-user testuser:testpass -x http://%HOSTIP:%HTTPPORT --proxy-ntlm # Verify data after the test has been "shot" GET http://%HOSTIP:%HTTPPORT/%TESTNUMBER HTTP/1.1 Host: %HOSTIP:%HTTPPORT Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= User-Agent: curl/%VERSION Accept: */* Proxy-Connection: Keep-Alive GET http://%HOSTIP:%HTTPPORT/%TESTNUMBER HTTP/1.1 Host: %HOSTIP:%HTTPPORT Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAALAAsAeAAAAAAAAAAAAAAAhoIBAFpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOXRlc3R1c2VyV09SS1NUQVRJT04= User-Agent: curl/%VERSION Accept: */* Proxy-Connection: Keep-Alive