intruxxer / zaproxy

Automatically exported from code.google.com/p/zaproxy

401 response while fuzzing an application using NTLM credentials in ZAP 1.4 #554

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Configuring an application which uses NTLM credentials
2. Provide the username and passwords
3. Try to fuzz any of the parameters in the requests

What is the expected output? What do you see instead?
It should return 200 OK, but instead it returns 401 Unauthorized. Not sure why the tool was not passing the NTLM credentials to the server.

What version of the product are you using? On what operating system?
ZAP 1.4 on Win XP SP3

Please provide any additional information below.

While doing an assessment, we faced an issue of our ZAP proxy throwing a ‘401 Unauthorized’ response while we were trying to fuzz an application. The application was using NTLM authentication, where the client needs to send the combination of the domain name, username and user password’s hash to the server in order to entertain the requests.

Original issue reported on code.google.com by nileshku...@gmail.com on 8 Mar 2013 at 4:24

GoogleCodeExporter commented 9 years ago
Does this affect ZAP 2.x?

This issue is over a year stale; if it is not updated by 20140719 it will be closed.

Original comment by kingtho...@gmail.com on 13 Jul 2014 at 8:21

GoogleCodeExporter commented 9 years ago

Original comment by kingtho...@gmail.com on 21 Jul 2014 at 1:07