Fixed headers_to_dict such that HTTP responses are correctly parsed. … #26
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…Also fixed an incorrect call to parse_ntlm_chal. This allows one to correctly parse NETNTLMv2 challenge/responses sent in HTTP/Proxy authentication, thereby fixing the CHALLENGE NOT FOUND issue.
randomwalksp
added a commit
to sensepost/net-creds
that referenced
this pull request
Feb 19, 2018
Merge pull request DanMcInerney#26 from sensepost/master
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A issue was noted when using net-creds to parse HTTP traffic that were being sent to a proxy that required NTLM authentication. net-creds would be able to successfully parse and display the NETNTLMv2 response, however the the challenge would be replaced with the text CHALLENGE NOT FOUND. This problem was traced to two different issues:
2)The headers_to_dict function incorrectly parsed all HTTP responses. The HTTP line, e.g. HTTP 200 OK, does not contain the ": " substring. This will cause the HTTP line to be incorrectly matched with the next header. This issue cascades, causing an incorrect matching of all header names and their values in the header dictionary. By rewriting the function, and preventing lines without the ": " substring from being assigned to another header, it was possible to fix this issue, such that HTTP response are correctly parsed.
Using this version, one can correctly parse NETNTLMv2 challenge/responses sent in HTTP/Proxy authentication, thereby fixing the CHALLENGE NOT FOUND issue.