Parse base64 or hex NTLM messages.
Useful to better understand what's going on during a SPNEGO Negotiate NTLM authentication phase.
NTLM can be used by an HTTP client to authenticate a user when the server asks it with the HTTP header WWW-Authenticate: Negotiate
. When this occurs and the HTTP Client chooses NTLM, there is 3 types of NTLM messages exchanged between the HTTP client and the HTTP server:
- a first one to tell the server that the client choose NTLM and ask the server for an NTLM challenge.
- a second one is the NTLM challenge returned by the server.
- a third one is the NTLM authentication message sent by the client, containing the proof of identity.
Theses messages are base64 encoded. You can use ntlm-parser
to decode and parse the content of theses NTLM messages. Useful for NTLM debugging or just satisfying your curiosity.
Global:
npm i -g ntlm-parser
Local:
npm i ntlm-parser
ntlm-parser <message-base64>
ntlm-parser -x <message-hex>
Base64 message:
ntlm-parser TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAKALpHAAAADw==
Hex message:
ntlm-parser 4e544c4d53535000010000000732000006000600330000000b000b0028000000050093080000000f574f524b53544154494f4e444f4d41494e
const {ntlmParse} = require('ntlm-parser');
const base64 = 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAKALpHAAAADw==';
const object = ntlmParse(base64);
console.log('object: ', object);
object: {
messageType: 'NEGOTIATE_MESSAGE (type 1)',
flags: 'NEGOTIATE_UNICODE NEGOTIATE_OEM REQUEST_TARGET NEGOTIATE_NTLM NEGOTIATE_ALWAYS_SIGN NEGOTIATE_EXTENDED_SESSIONSECURITY NEGOTIATE_VERSION NEGOTIATE_128 NEGOTIATE_56',
suppliedDomain: { length: 0, allocated: 0, offset: 0 },
suppliedWorkstation: { length: 0, allocated: 0, offset: 0 },
osVersionStructure: {
majorVersion: 10,
minorVersion: 0,
buildNumber: 18362,
unknown: 15
},
suppliedDomainData: '',
suppliedWorkstationData: ''
}
This module already works with Typescript.
Same program as above:
import {ntlmParse} from 'ntlm-parser';
const base64 = 'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAKALpHAAAADw==';
const object = ntlmParse(base64);
console.log('object: ', object);
NTLM specification can be found for free on the Microsoft website at: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4
A more understandable document describing NTLM can also be found here: http://davenport.sourceforge.net/ntlm.html
When I will have time:
- Building, or modifying NTLM message, not just parsing.
Made with ❤️ by me, Jean-Louis GUENEGO jlguenego@gmail.com on my free time.