A issue was noted when using net-creds to parse HTTP traffic that were being sent to a proxy that required NTLM authentication. net-creds would be able to successfully parse and display the NETNTLMv2 response, however the the challenge would be replaced with the text CHALLENGE NOT FOUND. This problem was traced to two different issues:
1) The parse_http_line function would call the parse_ntlm_chal function. The arguments for this call was swapped around.
2)The headers_to_dict function incorrectly parsed all HTTP responses. The HTTP line, e.g. HTTP 200 OK, does not contain the ": " substring. This will cause the HTTP line to be incorrectly matched with the next header. This issue cascades, causing an incorrect matching of all header names and their values in the header dictionary. By rewriting the function, and preventing lines without the ": " substring from being assigned to another header, it was possible to fix this issue, such that HTTP response are correctly parsed.
Using this version, one can correctly parse NETNTLMv2 challenge/responses sent in HTTP/Proxy authentication, thereby fixing the CHALLENGE NOT FOUND issue.
A issue was noted when using net-creds to parse HTTP traffic that were being sent to a proxy that required NTLM authentication. net-creds would be able to successfully parse and display the NETNTLMv2 response, however the the challenge would be replaced with the text CHALLENGE NOT FOUND. This problem was traced to two different issues: 1) The parse_http_line function would call the parse_ntlm_chal function. The arguments for this call was swapped around. 2)The headers_to_dict function incorrectly parsed all HTTP responses. The HTTP line, e.g. HTTP 200 OK, does not contain the ": " substring. This will cause the HTTP line to be incorrectly matched with the next header. This issue cascades, causing an incorrect matching of all header names and their values in the header dictionary. By rewriting the function, and preventing lines without the ": " substring from being assigned to another header, it was possible to fix this issue, such that HTTP response are correctly parsed.
Using this version, one can correctly parse NETNTLMv2 challenge/responses sent in HTTP/Proxy authentication, thereby fixing the CHALLENGE NOT FOUND issue.