Anyone using WebInject with NTLM?


Simon

Jul 26, 2010, 2:23:50 PM
to WebInject

Great to see a new group for WebInject. I'm interested in hearing from
people who are using WebInject with NTLM. This recipe looks promising:
http://www.webinject.org/cgi-bin/forums/YaBB.cgi?board=Users;action=display;num=1175163697
but I've not yet tried it. Anyone currently doing this got
suggestions?

-Simon

corey goldberg

Jul 26, 2010, 2:29:56 PM
to WebInject
> people who are using WebInject with NTLM.

Hi Simon,

I have never personally used NTLM with WebInject, but I think some
people have hacks that made it work.

Hopefully someone will post to this thread once this group gets some
more traffic. If I find anything else, I'll post here.

-Corey

sni

Jul 30, 2010, 7:26:37 AM
to WebInject
On Jul 26, 8:29 pm, corey goldberg <cgoldb...@gmail.com> wrote:
> I have never personally used NTLM with WebInject, but I think some
> people have hacks that made it work.

It should work if you install the LWP::Authen::Ntlm module. In newer
versions of LWP, LWP::Authen::Ntlm is already included, so it
should work out of the box.

But there seems to be a problem with authentication in general.
WebInject sets max_redirect to 0, so LWP will not make any
redirects. But normal Basic Auth works like this:
the client sends a request and receives a 401. It then sends the same
request with an auth header and gets the 200 OK.
But this only works if max_redirect is at least 1.

I will publish a fixed version of WebInject in the next few days.

Sven

Lipstars

Aug 19, 2010, 2:49:24 AM
to WebInject
Hi all,

I had some trouble using NTLM with WebInject :(. I took the updated
plugin you gave there, Sven, http://groups.google.com/group/webinject/browse_thread/thread/c726d6c0af36343c
but couldn't make it work for me :s.

Here are my conf. files and my logs:

config.xml:
<testcasefile>testcases.xml</testcasefile>
<useragent>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.7) Gecko/20100713 Firefox/3.6.7</useragent>
<break_on_errors>1</break_on_errors>
<httpauth>http://www.myurl.com:80::mylogin:mypassword</httpauth>
<max_redirect>5</max_redirect>
<globaltimeout>10</globaltimeout>
<globalhttplog>onfail</globalhttplog>

testcases.xml:
<testcases repeat="1">
<case
id="1"
description1="verify word 1"
method="get"
url="http://www.myurl.com"
verifypositive="Documentation"
errormessage="Verif 1 erreur"
logrequest="yes"
logresponse="yes"
/>
<case
id="2"
description1="verify word 2"
method="get"
url="http://www.myurl.com"
verifypositive="Packs"
errormessage="Verif 2 error"
logrequest="yes"
logresponse="yes"
/>
</testcases>

And finally the beginning of my http.log:

GET http://www.myurl.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
1.9.2.7) Gecko/20100713 Firefox/3.6.7
HTTP/1.1 401 Unauthorized
Date: Wed, 18 Aug 2010 08:42:45 GMT
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 1293
Content-Type: text/html
Client-Date: Wed, 18 Aug 2010 08:41:57 GMT
Client-Peer: XX.XX.XX.XX:80
Client-Response-Num: 1
Client-Warning: Unsupported authentication scheme 'negotiate'
Title: 401 - Unauthorized: Access is denied due to invalid
credentials.

Nevertheless I tried some hacks given on WebInject's previous forum
(Simon's URL). I correctly installed Authen::NTLM but I can't make it
work. I also tried this script to see if my NTLM works:

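#!/bin/bash
# Nagios-style check: log in with NTLM via curl and look for a 200 response.
PROG=/usr/bin/curl
HOST="http://www.myurl.com"
USER="myuser"
PASSWORD="mypass"
FILE=/tmp/check_http_ntlm
HALT=200

# -D writes the headers of every response in the exchange to $FILE
"$PROG" -s -S --ntlm -D "$FILE" -u "$USER:$PASSWORD" "$HOST" > /dev/null

# Match the status line only, so a 200 elsewhere in the headers does not count
STATUS=$(grep -E "^HTTP/[0-9.]+ $HALT([^0-9]|\$)" "$FILE" | tr -d '\r')

if [ -n "$STATUS" ]
then
    echo "$STATUS|ntlm=0;1;0;0"
else
    echo "Unable to login!|ntlm=1;1;0;0"
    exit 2
fi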

And it works fine...

I certainly made some mistakes in my WebInject conf files, but I'm new
to it :s... Does anyone have an idea?
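
A diagnostic for the situation in the post above, as an added example that is not part of the original post or of WebInject: it labels each response in a header dump with its NTLM handshake step, so a log that ends on a bare "WWW-Authenticate: NTLM" (as the http.log above does) is reported as a client that never began the exchange. The function names and both sample dumps are constructed for illustration.

```bash
#!/bin/bash
# Added example, not code from the thread. Reads an HTTP header dump on stdin
# (e.g. a curl -D file) and prints "<n> <status> <stage>" for each response.
ntlm_stages() {
    awk '
        function emit() {
            if (n == 0) return
            if (status != 401)  stage = "final"      # exchange over, whatever the result
            else if (challenge) stage = "challenge"  # 401 carrying a server token
            else if (offer)     stage = "offer"      # 401 with a bare NTLM scheme
            else                stage = "no-ntlm"    # 401, NTLM not offered
            print n, status, stage
        }
        /^HTTP\/[0-9.]+ [0-9]+/ { emit(); n++; status = $2 + 0; offer = 0; challenge = 0; next }
        {
            h = tolower($0); sub(/\r$/, "", h)       # header names are case-insensitive
            if (h ~ /^www-authenticate:[ \t]*ntlm[ \t]*$/)      offer = 1
            if (h ~ /^www-authenticate:[ \t]*ntlm[ \t]+[^ \t]/) challenge = 1
        }
        END { emit() }
    '
}

# Say where the client stopped, judged from the last response in the dump.
ntlm_verdict() {
    set -- $(ntlm_stages | tail -n 1)    # $1 = n, $2 = status, $3 = stage
    case "${3:-}" in
        final)     echo "handshake finished with HTTP $2" ;;
        offer)     echo "client never started the handshake" ;;
        challenge) echo "client did not answer the challenge" ;;
        *)         echo "no NTLM exchange seen" ;;
    esac
}

# Constructed dump modelled on the http.log above: a single 401, nothing after it.
sample_stalled() {
    printf '%s\n' 'HTTP/1.1 401 Unauthorized' 'WWW-Authenticate: Negotiate' \
        'WWW-Authenticate: NTLM' 'Content-Type: text/html' ''
}

# Constructed dump of a complete exchange; the token is a truncated placeholder.
sample_complete() {
    printf '%s\n' 'HTTP/1.1 401 Unauthorized' 'WWW-Authenticate: NTLM' '' \
        'HTTP/1.1 401 Unauthorized' 'WWW-Authenticate: NTLM TlRMTVNTUAACAAAA' '' \
        'HTTP/1.1 200 OK' 'Content-Type: text/html' ''
}

sample_stalled  | ntlm_verdict
sample_complete | ntlm_stages
```
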

Sven Nierlein

Aug 19, 2010, 10:23:11 AM
to webi...@googlegroups.com
On 08/19/10 08:49, Lipstars wrote:
> Hi all,
>
> I got some troubles using NTLM with Webinject :(. I took your updated
> plugin Sven you gave there http://groups.google.com/group/webinject/browse_thread/thread/c726d6c0af36343c
> but couldn't make it works with me :s.

Unfortunately I don't have any possibility to test NTLM authentication anywhere.

Sven

Lipstars

Aug 20, 2010, 3:26:45 AM
to WebInject
On 08/19/10 16:23, Sven Nierlein <s...@nierlein.de> wrote:
>  On 08/19/10 08:49, Lipstars wrote:
>
> > Hi all,
>
> > I got some troubles using NTLM with Webinject :(. I took your updated
> > plugin Sven you gave there http://groups.google.com/group/webinject/browse_thread/thread/c726d6c...
> > but couldn't make it works with me :s.
>
> unfortunately i don't have any possibility to test ntlm authentication anywhere.
>
>  Sven

Has anyone made WebInject work with NTLM?

I spent a long time on Google searching for a solution but no one got
the same... or they just say which module to install but not how to
use it with Webinject afterwards.

This is one example :
http://www.mularien.com/blog/2008/03/27/automate-ntlm-authenticated-web-service-testing-with-webinject/
And another... : http://www.webinject.org/cgi-bin/forums/YaBB.cgi?board=Users;action=display;num=1175163697

Due to previous forum problems I also can't read this one :s :
http://www.webinject.org/cgi-bin/forums/YaBB.cgi?board=Development;action=display;num=1185818423

Well, apparently there are different solutions but I can't really make
one work.

If someone knows... :)