[WEB SECURITY] SPNEGO based Kerberos with an HTTP proxy
prasad.shenoy at gmail.com
Wed May 27 13:56:30 EDT 2009
Two of the very well know and widely used HTTP proxy servers i.e. Burp and
Paros fail at supporting SPNEGO based Kerberos authentication. I have a few
lines worth of write up on how to make these proxy servers work with
applications requesting SPNEGO/Kerberos tokens (based on information in RFC
4559) even when there is no native support for such mechanism.
With a relatively smaller sized audience that I deal with, this was an
"Aha!!" moment. A proposal of writing an article on this is being discussed
hoping that it would be useful to a greater audience.
I wanted to ping the list and see if this blob be useful for the webappsec
community? I don't want to waste people's precious time by ranting on
something that has already been established and well know by now ;-).
If there is interest, please let me know and I will put some nice and simple
writeup together (I promise I will include colorful screen shots) :-)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity