[WEB SECURITY] SPNEGO based Kerberos with an HTTP proxy

[Prasad Shenoy]

Two of the very well know and widely used HTTP proxy servers i.e. Burp and
Paros fail at supporting SPNEGO based Kerberos authentication. I have a few
lines worth of write up on how to make these proxy servers work with
applications requesting SPNEGO/Kerberos tokens (based on information in RFC
4559) even when there is no native support for such mechanism.
With a relatively smaller sized audience that I deal with, this was an
"Aha!!" moment. A proposal of writing an article on this is being discussed
hoping that it would be useful to a greater audience.

I wanted to ping the list and see if this blob be useful for the webappsec
community? I don't want to waste people's precious time by ranting on
something that has already been established and well know by now ;-).

If there is interest, please let me know and I will put some nice and simple
writeup together (I promise I will include colorful screen shots) :-)

Thanks
Prasad Shenoy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090527/c270b026/attachment.html>