Set Context Authentication Method type "http/ntlm Authentication"


Gaurav Sharma

Apr 21, 2016, 3:41:59 AM
to OWASP ZAP User Group
Hi,

I have created a security automation test suite using the ZAP Java Client API. I have set the context for "form based authentication" and it works successfully, but I am unable to set the context for "http/ntlm Authentication".

Can someone let me know the key value for "http/ntlm Authentication" method?

Can someone please help me to set the context using the client API?

Also, can someone help me to handle NTLM authentication of a website for a security scan?

Thanks in advance..!! :)

Thanks,
Gaurav Sharma

thc...@gmail.com

Apr 21, 2016, 4:10:50 AM
to zaprox...@googlegroups.com
Hi.

The method is identified with:
httpAuthentication

(You can obtain the names of the authentication methods with
http://zap/JSON/authentication/view/getSupportedAuthenticationMethods/ [1])

and its fields are:
hostname
realm
port

(You can obtain the names of the fields with
http://zap/JSON/authentication/view/getAuthenticationMethodConfigParams/?authMethodName=httpAuthentication [1])


The session management method is identified with:
httpAuthSessionManagement

(http://localhost:8119/JSON/sessionManagement/view/getSupportedSessionManagementMethods/ [2])


The HTTP/NTLM authentication method is set the same way as the
form-based authentication method.



[1] https://github.com/zaproxy/zaproxy/wiki/ApiGen_authentication
[2] https://github.com/zaproxy/zaproxy/wiki/ApiGen_sessionManagement

Best regards.

Gaurav Sharma

Apr 21, 2016, 5:58:26 AM
to OWASP ZAP User Group
Hi, thanks for the reply.

I am able to set the context now for the "http/ntlm Authentication" method.

But the application does not accept the authentication which we have set in the context.

When we run the AJAX spider, it asks for user credentials.

Please find the screenshot for the same.

Thanks,
Gaurav Sharma 
ZAP Auth.png

thc...@gmail.com

Apr 21, 2016, 8:07:18 AM
to zaprox...@googlegroups.com
Hi.

Does the host and port set in the context's authentication exactly match
the ones of the target?

Did you set context's session management to "Http Authentication Session
Management"?

Did you enable "Forced User" mode before starting the AJAX Spider? [1]


[1] https://github.com/zaproxy/zap-core-help/wiki/HelpUiTltoolbar#--force-user-mode-on--off

Best regards.

Gaurav Sharma

Apr 21, 2016, 9:42:23 AM
to OWASP ZAP User Group
Hi,

Yes, the host and port set in the context's authentication exactly match the target.
Yes, I have set the context's session management to "Http Authentication Session Management".
Yes, I have enabled "Forced User" mode before starting the AJAX Spider.

I am still getting the error message and am unable to scan the application.

Thanks,
Gaurav Sharma

thc...@gmail.com

Apr 21, 2016, 10:25:13 AM
to zaprox...@googlegroups.com
OK. Could you create and run a stand-alone (JavaScript) script [1] with
the following two lines:
org.apache.log4j.Logger.getLogger("httpclient.wire.header").setLevel(org.apache.log4j.Level.DEBUG);
org.apache.log4j.Logger.getLogger("org.apache.commons.httpclient").setLevel(org.apache.log4j.Level.DEBUG);

and then access the target while proxying through ZAP with Forced User
mode enabled?

In the log file (zap.log [2]) it should have something like:
> DEBUG org.apache.commons.httpclient.HttpMethodDirector - Authorization required
> DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor - Supported authentication schemes in the order of preference: [ntlm, digest, basic, ntlm]
> INFO org.apache.commons.httpclient.auth.AuthChallengeProcessor - ntlm authentication scheme selected
> DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor - Using authentication scheme: ntlm
> DEBUG org.apache.commons.httpclient.auth.AuthChallengeProcessor - Authorization challenge processed
> DEBUG org.apache.commons.httpclient.HttpMethodDirector - Authentication scope: NTLM <any realm>@localhost:80
> DEBUG org.apache.commons.httpclient.HttpMethodDirector - Retry authentication
> DEBUG org.apache.commons.httpclient.HttpMethodBase - Should NOT close connection in response to directive: Keep-Alive
> DEBUG org.apache.commons.httpclient.HttpMethodDirector - Authenticating with NTLM <any realm>@localhost:80


Could you provide that excerpt and other details? (obfuscating any
sensitive data)


[1] https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsScriptsScripts
[2] https://github.com/zaproxy/zaproxy/wiki/FAQconfig

Best regards.
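The log check described in the reply above (what zap.log should contain once wire logging is on), as an added Python example; it is not code from the thread or from the ZAP project. It parses lines in the log4j layout shown in this thread and reports whether the NTLM challenge was answered. The FAILING sample is copied from the log Gaurav posts in his next reply; the HEALTHY sample is constructed to match the excerpt the reply says a working exchange produces. The hint text in diagnose() restates the checks suggested in this thread and is my wording, not ZAP output.

```python
"""Triage ZAP's httpclient debug log for the HTTP/NTLM authentication flow.

Added example, not code from the thread or the ZAP project. The line format
is the log4j layout shown in this thread; FAILING is copied from the log
posted in the thread, HEALTHY is constructed to match the excerpt the reply
above says a working exchange should contain.
"""
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[(?P<thread>[^\]]+)\] (?P<level>[A-Z]+)\s+(?P<logger>\S+) - (?P<msg>.*)$"
)

FAILING = [
    r'2016-04-25 11:49:31,424 [ZAP-QuickStart-AttackThread] INFO  User - Authenticating user: TestUser25April',
    r'2016-04-25 11:49:31,472 [ZAP-QuickStart-AttackThread] DEBUG header - << "HTTP/1.1 401 Unauthorized[\r][\n]"',
    r'2016-04-25 11:49:31,473 [ZAP-QuickStart-AttackThread] DEBUG header - << "WWW-Authenticate: Negotiate[\r][\n]"',
    r'2016-04-25 11:49:31,473 [ZAP-QuickStart-AttackThread] DEBUG header - << "WWW-Authenticate: NTLM[\r][\n]"',
    r'2016-04-25 11:49:31,475 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Authentication scope: NTLM <any realm>@10.130.248.59:82',
    r'2016-04-25 11:49:31,476 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Credentials provider not available',
    r'2016-04-25 11:49:31,476 [ZAP-QuickStart-AttackThread] INFO  HttpMethodDirector - No credentials available for NTLM <any realm>@10.130.248.59:82',
]

# Constructed: the shape of zap.log when the challenge is answered.
HEALTHY = [
    r'2016-04-21 10:00:00,001 [ZAP-QuickStart-AttackThread] INFO  User - Authenticating user: TestUser',
    r'2016-04-21 10:00:00,002 [ZAP-QuickStart-AttackThread] DEBUG header - << "HTTP/1.1 401 Unauthorized[\r][\n]"',
    r'2016-04-21 10:00:00,003 [ZAP-QuickStart-AttackThread] DEBUG header - << "WWW-Authenticate: NTLM[\r][\n]"',
    r'2016-04-21 10:00:00,004 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Authentication scope: NTLM <any realm>@localhost:80',
    r'2016-04-21 10:00:00,005 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Retry authentication',
    r'2016-04-21 10:00:00,006 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Authenticating with NTLM <any realm>@localhost:80',
]


def parse_line(line):
    """Split one log4j line into its fields, or return None if it is not a log line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def triage_ntlm(lines):
    """Summarise the authentication exchange seen in the given log lines."""
    summary = {"challenged": False, "schemes": [], "scope": None,
               "authenticating_user": None, "status": "no-challenge"}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        msg, logger = rec["msg"], rec["logger"]
        # Logger names may be short ("header") or qualified ("httpclient.wire.header").
        if logger.endswith("header") and "WWW-Authenticate:" in msg:
            summary["challenged"] = True
            summary["schemes"].append(msg.split("WWW-Authenticate:", 1)[1].split("[", 1)[0].strip())
        elif logger.endswith("User") and msg.startswith("Authenticating user:"):
            summary["authenticating_user"] = msg.split(":", 1)[1].strip()
        elif msg.startswith("Authentication scope:"):
            summary["scope"] = msg.split(":", 1)[1].strip()
        elif msg == "Credentials provider not available" or msg.startswith("No credentials available"):
            summary["status"] = "no-credentials"
        elif msg.startswith("Authenticating with NTLM"):
            summary["status"] = "ntlm-sent"
    return summary


def diagnose(summary):
    """Turn the summary into the hint a reviewer of the log would give."""
    if not summary["challenged"]:
        return "no WWW-Authenticate challenge seen: the target did not ask for authentication on this request"
    if summary["status"] == "no-credentials":
        who = summary["authenticating_user"] or "no user"
        return (f"challenge for {summary['scope']} received but httpclient had no credentials "
                f"({who} selected); compare the method's hostname/port with this scope and "
                f"confirm Forced User mode is on")
    if summary["status"] == "ntlm-sent":
        return f"NTLM credentials sent for {summary['scope']}"
    return "challenge received but no authentication attempt was logged"


if __name__ == "__main__":
    for name, sample in (("FAILING", FAILING), ("HEALTHY", HEALTHY)):
        print(name, "->", diagnose(triage_ntlm(sample)))
```

The distinguishing lines are "Credentials provider not available" / "No credentials available for ..." versus "Authenticating with NTLM ...": the first pair means httpclient received and parsed the challenge but had no credentials registered for that scope, so the request went out unauthenticated; the scope string it prints is what the configured hostname and port have to equal.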

Gaurav Sharma

Apr 22, 2016, 4:49:58 AM
to OWASP ZAP User Group
Hi,

I have created a standalone script. Here are the results: at the highlighted lines re-authentication must be processed, but it shows "credentials provider not available".

Could you please let me know how we can fix this?

2016-04-22 12:59:53,461 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2016-04-22 12:59:53,462 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2016-04-22 12:59:53,462 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2016-04-22 12:59:53,462 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2016-04-22 12:59:53,463 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2016-04-22 12:59:53,463 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2016-04-22 12:59:53,463 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2016-04-22 12:59:53,463 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2016-04-22 12:59:53,464 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = false
2016-04-22 12:59:53,464 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = false
2016-04-22 12:59:53,464 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2016-04-22 12:59:53,464 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2016-04-22 12:59:53,464 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.0
2016-04-22 12:59:53,465 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.1
2016-04-22 12:59:53,465 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - HttpConnectionManager.getConnection:  config = HostConfiguration[host=http://10.130.248.59:82], timeout = 0
2016-04-22 12:59:53,465 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - Allocating new connection, hostConfig=HostConfiguration[host=http://10.130.248.59:82]
2016-04-22 12:59:53,465 [ZAP-QuickStart-AttackThread] DEBUG HttpConnection - Open connection to 10.130.248.59:82
2016-04-22 12:59:53,473 [ZAP-QuickStart-AttackThread] DEBUG header - >> "GET / HTTP/1.1[\r][\n]"
2016-04-22 12:59:53,473 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Adding Host request header
2016-04-22 12:59:53,473 [ZAP-QuickStart-AttackThread] DEBUG header - >> "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)[\r][\n]"
2016-04-22 12:59:53,473 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Pragma: no-cache[\r][\n]"
2016-04-22 12:59:53,474 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Cache-Control: no-cache[\r][\n]"
2016-04-22 12:59:53,474 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Content-Length: 0[\r][\n]"
2016-04-22 12:59:53,474 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Host: 10.130.248.59:82[\r][\n]"
2016-04-22 12:59:53,474 [ZAP-QuickStart-AttackThread] DEBUG header - >> "[\r][\n]"
2016-04-22 12:59:53,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "HTTP/1.1 401 Unauthorized[\r][\n]"
2016-04-22 12:59:53,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "Content-Type: text/html[\r][\n]"
2016-04-22 12:59:53,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "Server: Microsoft-IIS/8.0[\r][\n]"
2016-04-22 12:59:53,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-Frame-Options: DENY[\r][\n]"
2016-04-22 12:59:53,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-XSS-Protection: 1[\r][\n]"
2016-04-22 12:59:53,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-Content-Type-Options: nosniff[\r][\n]"
2016-04-22 12:59:53,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-Robots-Tag: noindex[\r][\n]"
2016-04-22 12:59:53,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "WWW-Authenticate: Negotiate[\r][\n]"
2016-04-22 12:59:53,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "WWW-Authenticate: NTLM[\r][\n]"
2016-04-22 12:59:53,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "Date: Fri, 22 Apr 2016 07:29:53 GMT[\r][\n]"
2016-04-22 12:59:53,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "Content-Length: 1293[\r][\n]"
2016-04-22 12:59:53,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "[\r][\n]"
2016-04-22 12:59:53,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Authorization required
2016-04-22 12:59:53,489 [ZAP-QuickStart-AttackThread] DEBUG AuthChallengeProcessor - Supported authentication schemes in the order of preference: [ntlm, digest, basic, ntlm]
2016-04-22 12:59:53,489 [ZAP-QuickStart-AttackThread] INFO  AuthChallengeProcessor - ntlm authentication scheme selected
2016-04-22 12:59:53,489 [ZAP-QuickStart-AttackThread] DEBUG AuthChallengeProcessor - Using authentication scheme: ntlm
2016-04-22 12:59:53,489 [ZAP-QuickStart-AttackThread] DEBUG AuthChallengeProcessor - Authorization challenge processed
2016-04-22 12:59:53,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Authentication scope: NTLM <any realm>@10.130.248.59:82
2016-04-22 12:59:53,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Credentials required
2016-04-22 12:59:53,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Credentials provider not available
2016-04-22 12:59:53,490 [ZAP-QuickStart-AttackThread] INFO  HttpMethodDirector - No credentials available for NTLM <any realm>@10.130.248.59:82
2016-04-22 12:59:53,490 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Buffering response body
2016-04-22 12:59:53,490 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Resorting to protocol version default close connection policy
2016-04-22 12:59:53,490 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Should NOT close connection, using HTTP/1.1
2016-04-22 12:59:53,490 [ZAP-QuickStart-AttackThread] DEBUG HttpConnection - Releasing connection back to connection manager.
2016-04-22 12:59:53,490 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - Freeing connection, hostConfig=HostConfiguration[host=http://10.130.248.59:82]
2016-04-22 12:59:53,491 [ZAP-QuickStart-AttackThread] DEBUG IdleConnectionHandler - Adding connection at: 1461310193491
2016-04-22 12:59:53,491 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - Notifying no-one, there are no waiting threads

thc...@gmail.com

Apr 22, 2016, 5:37:39 AM
to zaprox...@googlegroups.com
Hi.

Some configuration does not seem to be right, then.

Is the target in the defined context?
You did enable Forced User mode before attacking?

Best regards.


Gaurav Sharma

Apr 22, 2016, 5:47:40 AM
to OWASP ZAP User Group
Hi,

Yes, I defined the target in the context.
Forced User mode was enabled before attacking.

Please find attached screenshot of Context.

Thanks,
Gaurav Sharma
ZAPAuth.png

thc...@gmail.com

Apr 22, 2016, 6:01:26 AM
to zaprox...@googlegroups.com
OK, and in "Include in Context" panel is the host 10.130.248.59 added as
well? Something like:
http://10.130.248.59:82.*

Best regards.


Gaurav Sharma

Apr 22, 2016, 6:18:38 AM
to OWASP ZAP User Group
Yes, I already added the host in "Include in Context".

Please find the attached screenshot of complete Context Configuration.

Please let me know if I did something wrong.

Thanks,
Gaurav Sharma
ContextConfig.png

thc...@gmail.com

Apr 22, 2016, 9:03:26 AM
to zaprox...@googlegroups.com
Yeah, the configurations look right.

Are you using the latest ZAP version (2.4.3)?

Do you see in the log the message "INFO User - Authenticating user: ..."?


Best regards.

Gaurav Sharma

Apr 25, 2016, 2:27:56 AM
to OWASP ZAP User Group
Hi,

Yes, I am using the latest version of ZAP (2.4.3).

In the log it shows my user in "INFO  User - Authenticating user: ...".

Please find the logs below; please see the highlighted one.

Can we have a call, if possible, to resolve this issue?

2016-04-25 11:49:31,419 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2016-04-25 11:49:31,420 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2016-04-25 11:49:31,420 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2016-04-25 11:49:31,421 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2016-04-25 11:49:31,421 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2016-04-25 11:49:31,421 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2016-04-25 11:49:31,422 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2016-04-25 11:49:31,422 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2016-04-25 11:49:31,422 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = false
2016-04-25 11:49:31,422 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = false
2016-04-25 11:49:31,424 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2016-04-25 11:49:31,424 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2016-04-25 11:49:31,424 [ZAP-QuickStart-AttackThread] INFO  User - Authenticating user: TestUser25April
2016-04-25 11:49:31,461 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.0
2016-04-25 11:49:31,461 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.1
2016-04-25 11:49:31,461 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = compatibility
2016-04-25 11:49:31,461 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - HttpConnectionManager.getConnection:  config = HostConfiguration[host=http://10.130.248.59:82], timeout = 0
2016-04-25 11:49:31,461 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - Allocating new connection, hostConfig=HostConfiguration[host=http://10.130.248.59:82]
2016-04-25 11:49:31,461 [ZAP-QuickStart-AttackThread] DEBUG HttpConnection - Open connection to 10.130.248.59:82
2016-04-25 11:49:31,464 [ZAP-QuickStart-AttackThread] DEBUG header - >> "GET / HTTP/1.1[\r][\n]"
2016-04-25 11:49:31,464 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Adding Host request header
2016-04-25 11:49:31,464 [ZAP-QuickStart-AttackThread] DEBUG header - >> "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)[\r][\n]"
2016-04-25 11:49:31,464 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Pragma: no-cache[\r][\n]"
2016-04-25 11:49:31,464 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Cache-Control: no-cache[\r][\n]"
2016-04-25 11:49:31,464 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Content-Length: 0[\r][\n]"
2016-04-25 11:49:31,465 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Host: 10.130.248.59:82[\r][\n]"
2016-04-25 11:49:31,465 [ZAP-QuickStart-AttackThread] DEBUG header - >> "[\r][\n]"
2016-04-25 11:49:31,472 [ZAP-QuickStart-AttackThread] DEBUG header - << "HTTP/1.1 401 Unauthorized[\r][\n]"
2016-04-25 11:49:31,472 [ZAP-QuickStart-AttackThread] DEBUG header - << "Content-Type: text/html[\r][\n]"
2016-04-25 11:49:31,472 [ZAP-QuickStart-AttackThread] DEBUG header - << "Server: Microsoft-IIS/8.0[\r][\n]"
2016-04-25 11:49:31,473 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-Frame-Options: DENY[\r][\n]"
2016-04-25 11:49:31,473 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-XSS-Protection: 1[\r][\n]"
2016-04-25 11:49:31,473 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-Content-Type-Options: nosniff[\r][\n]"
2016-04-25 11:49:31,473 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-Robots-Tag: noindex[\r][\n]"
2016-04-25 11:49:31,473 [ZAP-QuickStart-AttackThread] DEBUG header - << "WWW-Authenticate: Negotiate[\r][\n]"
2016-04-25 11:49:31,473 [ZAP-QuickStart-AttackThread] DEBUG header - << "WWW-Authenticate: NTLM[\r][\n]"
2016-04-25 11:49:31,473 [ZAP-QuickStart-AttackThread] DEBUG header - << "Date: Mon, 25 Apr 2016 06:19:31 GMT[\r][\n]"
2016-04-25 11:49:31,474 [ZAP-QuickStart-AttackThread] DEBUG header - << "Content-Length: 1293[\r][\n]"
2016-04-25 11:49:31,474 [ZAP-QuickStart-AttackThread] DEBUG header - << "[\r][\n]"
2016-04-25 11:49:31,474 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Authorization required
2016-04-25 11:49:31,475 [ZAP-QuickStart-AttackThread] DEBUG AuthChallengeProcessor - Supported authentication schemes in the order of preference: [ntlm, digest, basic, ntlm]
2016-04-25 11:49:31,475 [ZAP-QuickStart-AttackThread] INFO  AuthChallengeProcessor - ntlm authentication scheme selected
2016-04-25 11:49:31,475 [ZAP-QuickStart-AttackThread] DEBUG AuthChallengeProcessor - Using authentication scheme: ntlm
2016-04-25 11:49:31,475 [ZAP-QuickStart-AttackThread] DEBUG AuthChallengeProcessor - Authorization challenge processed
2016-04-25 11:49:31,475 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Authentication scope: NTLM <any realm>@10.130.248.59:82
2016-04-25 11:49:31,476 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Credentials required
2016-04-25 11:49:31,476 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Credentials provider not available
2016-04-25 11:49:31,476 [ZAP-QuickStart-AttackThread] INFO  HttpMethodDirector - No credentials available for NTLM <any realm>@10.130.248.59:82
2016-04-25 11:49:31,476 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Buffering response body
2016-04-25 11:49:31,477 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Resorting to protocol version default close connection policy
2016-04-25 11:49:31,477 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Should NOT close connection, using HTTP/1.1
2016-04-25 11:49:31,477 [ZAP-QuickStart-AttackThread] DEBUG HttpConnection - Releasing connection back to connection manager.
2016-04-25 11:49:31,477 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - Freeing connection, hostConfig=HostConfiguration[host=http://10.130.248.59:82]
2016-04-25 11:49:31,477 [ZAP-QuickStart-AttackThread] DEBUG IdleConnectionHandler - Adding connection at: 1461565171477
2016-04-25 11:49:31,477 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - Notifying no-one, there are no waiting threads
2016-04-25 11:49:31,477 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.0
2016-04-25 11:49:31,477 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.1
2016-04-25 11:49:31,478 [ZAP-QuickStart-AttackThread] DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = compatibility
2016-04-25 11:49:31,478 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - HttpConnectionManager.getConnection:  config = HostConfiguration[host=http://10.130.248.59:82], timeout = 0
2016-04-25 11:49:31,480 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - Getting free connection, hostConfig=HostConfiguration[host=http://10.130.248.59:82]
2016-04-25 11:49:31,482 [ZAP-QuickStart-AttackThread] DEBUG header - >> "GET / HTTP/1.1[\r][\n]"
2016-04-25 11:49:31,482 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Adding Host request header
2016-04-25 11:49:31,482 [ZAP-QuickStart-AttackThread] DEBUG header - >> "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)[\r][\n]"
2016-04-25 11:49:31,482 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Pragma: no-cache[\r][\n]"
2016-04-25 11:49:31,482 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Cache-Control: no-cache[\r][\n]"
2016-04-25 11:49:31,483 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Content-Length: 0[\r][\n]"
2016-04-25 11:49:31,483 [ZAP-QuickStart-AttackThread] DEBUG header - >> "Host: 10.130.248.59:82[\r][\n]"
2016-04-25 11:49:31,483 [ZAP-QuickStart-AttackThread] DEBUG header - >> "[\r][\n]"
2016-04-25 11:49:31,486 [ZAP-QuickStart-AttackThread] DEBUG header - << "HTTP/1.1 401 Unauthorized[\r][\n]"
2016-04-25 11:49:31,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "Content-Type: text/html[\r][\n]"
2016-04-25 11:49:31,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "Server: Microsoft-IIS/8.0[\r][\n]"
2016-04-25 11:49:31,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-Frame-Options: DENY[\r][\n]"
2016-04-25 11:49:31,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-XSS-Protection: 1[\r][\n]"
2016-04-25 11:49:31,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-Content-Type-Options: nosniff[\r][\n]"
2016-04-25 11:49:31,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "X-Robots-Tag: noindex[\r][\n]"
2016-04-25 11:49:31,487 [ZAP-QuickStart-AttackThread] DEBUG header - << "WWW-Authenticate: Negotiate[\r][\n]"
2016-04-25 11:49:31,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "WWW-Authenticate: NTLM[\r][\n]"
2016-04-25 11:49:31,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "Date: Mon, 25 Apr 2016 06:19:31 GMT[\r][\n]"
2016-04-25 11:49:31,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "Content-Length: 1293[\r][\n]"
2016-04-25 11:49:31,488 [ZAP-QuickStart-AttackThread] DEBUG header - << "[\r][\n]"
2016-04-25 11:49:31,488 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Authorization required
2016-04-25 11:49:31,488 [ZAP-QuickStart-AttackThread] DEBUG AuthChallengeProcessor - Supported authentication schemes in the order of preference: [ntlm, digest, basic, ntlm]
2016-04-25 11:49:31,488 [ZAP-QuickStart-AttackThread] INFO  AuthChallengeProcessor - ntlm authentication scheme selected
2016-04-25 11:49:31,488 [ZAP-QuickStart-AttackThread] DEBUG AuthChallengeProcessor - Using authentication scheme: ntlm
2016-04-25 11:49:31,488 [ZAP-QuickStart-AttackThread] DEBUG AuthChallengeProcessor - Authorization challenge processed
2016-04-25 11:49:31,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Authentication scope: NTLM <any realm>@10.130.248.59:82
2016-04-25 11:49:31,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Credentials required
2016-04-25 11:49:31,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodDirector - Credentials provider not available
2016-04-25 11:49:31,489 [ZAP-QuickStart-AttackThread] INFO  HttpMethodDirector - No credentials available for NTLM <any realm>@10.130.248.59:82
2016-04-25 11:49:31,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Buffering response body
2016-04-25 11:49:31,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Resorting to protocol version default close connection policy
2016-04-25 11:49:31,489 [ZAP-QuickStart-AttackThread] DEBUG HttpMethodBase - Should NOT close connection, using HTTP/1.1
2016-04-25 11:49:31,490 [ZAP-QuickStart-AttackThread] DEBUG HttpConnection - Releasing connection back to connection manager.
2016-04-25 11:49:31,490 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - Freeing connection, hostConfig=HostConfiguration[host=http://10.130.248.59:82]
2016-04-25 11:49:31,490 [ZAP-QuickStart-AttackThread] DEBUG IdleConnectionHandler - Adding connection at: 1461565171490
2016-04-25 11:49:31,490 [ZAP-QuickStart-AttackThread] DEBUG MultiThreadedHttpConnectionManager - Notifying no-one, there are no waiting threads

thc...@gmail.com

unread,
Apr 25, 2016, 4:23:06 AM4/25/16
to zaprox...@googlegroups.com
Hi.

Could you try authenticating with the realm empty?

There's a #websectools channel at irc.mozilla.org for real-time chat;
would that be ok?

Best regards.
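The debug output above records the whole failure in a few lines: the server answers 401 with both `WWW-Authenticate: Negotiate` and `WWW-Authenticate: NTLM`, the client picks NTLM, and then reports "No credentials available for NTLM <any realm>@10.130.248.59:82", i.e. nothing in ZAP's credential provider matched that host and port. The following script is an added example, not code from this thread or from the ZAP project, and it uses Python rather than the Java client the poster is using. It pulls the challenge schemes and the unmatched scope out of such a log excerpt (trimmed, constructed copy of the lines above), then builds the `authMethodConfigParams` string and the `setAuthenticationMethod` URL for an `httpAuthentication` context whose hostname and port match that scope, with the realm left empty as suggested. The field names `hostname`, `realm` and `port` are the ones ZAP reports for `httpAuthentication`; the ZAP base URL, context id and API key in the usage are assumptions.

```python
"""Diagnose a failed NTLM challenge in ZAP's httpclient debug log and build
the matching ZAP API request for an HTTP/NTLM authentication context.

Added example; not from the original post or from the ZAP project.
"""
import re
from urllib.parse import urlencode

# Constructed sample: lines from the thread with timestamps/thread names trimmed.
SAMPLE_LOG = """\
DEBUG header - << "HTTP/1.1 401 Unauthorized[\\r][\\n]"
DEBUG header - << "WWW-Authenticate: Negotiate[\\r][\\n]"
DEBUG header - << "WWW-Authenticate: NTLM[\\r][\\n]"
INFO  AuthChallengeProcessor - ntlm authentication scheme selected
DEBUG HttpMethodDirector - Authentication scope: NTLM <any realm>@10.130.248.59:82
DEBUG HttpMethodDirector - Credentials provider not available
INFO  HttpMethodDirector - No credentials available for NTLM <any realm>@10.130.248.59:82
"""

# commons-httpclient prints an AuthScope as "SCHEME 'realm'@host:port", or
# "SCHEME <any realm>@host:port" when no realm was fixed by the challenge.
SCOPE_RE = re.compile(
    r"No credentials available for (?P<scheme>\w+) "
    r"(?:<any realm>|'(?P<realm>[^']*)')@(?P<host>[^:\s]+):(?P<port>\d+)"
)
CHALLENGE_RE = re.compile(r"WWW-Authenticate: ([A-Za-z]+)")


def diagnose(log_text):
    """Return the schemes the server offered and the scope that had no
    credentials, or None if the log contains no such failure."""
    match = SCOPE_RE.search(log_text)
    if not match:
        return None
    return {
        "offered": CHALLENGE_RE.findall(log_text),
        "scheme": match.group("scheme"),
        "realm": match.group("realm") or "",  # "<any realm>" -> empty realm
        "host": match.group("host"),
        "port": int(match.group("port")),
    }


def http_auth_config_params(hostname, port, realm=""):
    """authMethodConfigParams for authMethodName=httpAuthentication: ZAP takes
    the method's fields as one URL-encoded key=value string."""
    return urlencode({"hostname": hostname, "realm": realm, "port": str(port)})


def set_auth_method_url(zap_base, context_id, hostname, port, realm="", apikey=None):
    """Assemble the GET request for authentication/action/setAuthenticationMethod.
    zap_base, context_id and apikey are whatever your ZAP instance uses."""
    params = {
        "contextId": str(context_id),
        "authMethodName": "httpAuthentication",
        "authMethodConfigParams": http_auth_config_params(hostname, port, realm),
    }
    if apikey:
        params["apikey"] = apikey
    return f"{zap_base}/JSON/authentication/action/setAuthenticationMethod/?{urlencode(params)}"


if __name__ == "__main__":
    found = diagnose(SAMPLE_LOG)
    print("server offered:", found["offered"])
    print("unmatched scope:", found)
    # Assumed ZAP base URL and context id; send this with your HTTP client of choice.
    print(set_auth_method_url("http://localhost:8080", 1, found["host"], found["port"], found["realm"]))
```

Setting the method only describes the challenge; the credentials still come from a user added to the same context (ZAP's users API, with `username` and `password` as the credential fields for this method) and that user must be enabled and selected for the scan, otherwise the log will keep showing the same "No credentials available" line.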

Gaurav Sharma

unread,
Apr 25, 2016, 5:01:39 AM4/25/16
to OWASP ZAP User Group
Hi,

I tried keeping the realm empty, but the result was the same.

I have logged in to #websectools.

Thanks,
Gaurav Sharma

Gaurav Sharma

unread,
Apr 26, 2016, 2:18:28 AM4/26/16
to OWASP ZAP User Group
hi thc202,

Any update on NTLM Authentication issue?

Thanks,
Gaurav Sharma

Paul J

unread,
Mar 31, 2017, 10:50:05 AM3/31/17
to OWASP ZAP User Group
Did you solve this issue?

Thanks!
Guanhua

Hoai Tran

unread,
Aug 9, 2023, 3:14:01 AM8/9/23
to ZAP User Group
Hi all,
Today I duplicated this channel and joined it. I am facing the same issue as @gauravs: my ZAP tool cannot use NTLM authentication. Can anyone help me with the issue?
Thank you a lot.
On Friday, March 31, 2017 at 21:50:05 UTC+7, jingg...@gmail.com wrote: