
List:       websecurity
Subject:    [WEB SECURITY] SPNEGO based Kerberos with an HTTP proxy
From:       Prasad Shenoy <prasad.shenoy () gmail ! com>
Date:       2009-05-27 17:56:30
Message-ID: 43c6c8500905271056t101c2df2hf377fd86a0148f2b () mail ! gmail ! com

Two of the very well known and widely used HTTP proxy servers, i.e. Burp and
Paros, fail at supporting SPNEGO-based Kerberos authentication. I have a few
lines' worth of write-up on how to make these proxy servers work with
applications requesting SPNEGO/Kerberos tokens (based on information in RFC
4559) even when there is no native support for such a mechanism.
With a relatively smaller sized audience that I deal with, this was an
"Aha!!" moment. A proposal of writing an article on this is being discussed
hoping that it would be useful to a greater audience.

I wanted to ping the list and see if this blob would be useful for the webappsec
community? I don't want to waste people's precious time by ranting on
something that has already been established and is well known by now ;-).

If there is interest, please let me know and I will put some nice and simple
writeup together (I promise I will include colorful screen shots) :-)

Thanks
Prasad Shenoy
