<testcase> <info> <keywords> HTTP HTTP POST HTTP NTLM auth </keywords> </info> # Server-side <reply> # the first request has NTLM type-1 included, and then the 1001 is returned <data1001> HTTP/1.1 200 beng swsclose swsbounce Server: Microsoft-IIS/6.0 Authentication-Info: Passport1.4 tname=MSPAuth,tname=MSPProf,tname=MSPConsent,tname=MSPSecAuth Content-Type: text/html; charset=iso-8859-1 </data1001> # the second request should be auth-less and then this is returned. <data> HTTP/1.1 200 moo swsclose Server: Microsoft-IIS/6.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 16 content for you </data> <datacheck> HTTP/1.1 200 beng swsclose swsbounce Server: Microsoft-IIS/6.0 Authentication-Info: Passport1.4 tname=MSPAuth,tname=MSPProf,tname=MSPConsent,tname=MSPSecAuth Content-Type: text/html; charset=iso-8859-1 HTTP/1.1 200 moo swsclose Server: Microsoft-IIS/6.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 16 content for you </datacheck> </reply> # Client-side <client> <features> NTLM !SSPI </features> <server> http </server> <name> HTTP POST --ntlm to server not requiring any auth at all </name> <command> http://%HOSTIP:%HTTPPORT/176 -u auser:apasswd --ntlm -d "junkelijunk" </command> </client> # Verify data after the test has been "shot" <verify> <strip> ^User-Agent:.* </strip> <protocol nonewline="yes"> POST /176 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6 Accept: */* Content-Length: 0 Content-Type: application/x-www-form-urlencoded POST /176 HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6 Accept: */* Content-Length: 11 Content-Type: application/x-www-form-urlencoded junkelijunk </protocol> </verify> </testcase>