HTTP HTTP GET HTTP NTLM auth connection re-use # Server-side connection-monitor HTTP/1.1 401 Authentication please! Content-Length: 20 WWW-Authenticate: Digest realm="loonie", nonce="314156592" WWW-Authenticate: Basic Please auth with me HTTP/1.1 401 Authentication please! Content-Length: 20 WWW-Authenticate: Digest realm="loonie", nonce="314156592" WWW-Authenticate: Basic Please auth with me # This is supposed to be returned when the server gets the second # Authorization: NTLM line passed-in from the client HTTP/1.1 200 Things are fine in server land Server: Microsoft-IIS/5.0 Content-Length: 4 moo HTTP/1.1 200 OK Server: Another one/1.0 Content-Length: 4 boo # This is the first reply after the redirection HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 34 This is not the real page either! HTTP/1.1 401 Authentication please! Content-Length: 20 WWW-Authenticate: Digest realm="loonie", nonce="314156592" WWW-Authenticate: Basic HTTP/1.1 200 Things are fine in server land Server: Microsoft-IIS/5.0 Content-Length: 4 moo # Client-side http !SSPI crypto HTTP with --anyauth and connection re-use http://%HOSTIP:%HTTPPORT/1418 -u testuser:testpass --anyauth http://%HOSTIP:%HTTPPORT/14180003 # Verify data after the test has been "shot" ^User-Agent:.* GET /1418 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Accept: */* GET /1418 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: Digest username="testuser", realm="loonie", nonce="314156592", uri="/1418", response="986238b7e0077754944c966f56d9bc77" Accept: */* GET /14180003 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Accept: */* GET /14180003 HTTP/1.1 Host: %HOSTIP:%HTTPPORT Authorization: Digest username="testuser", realm="loonie", nonce="314156592", uri="/14180003", response="1c6390a67bac3283a9b023402f3b3540" Accept: */* [DISCONNECT]