Some web application needs NTLM authentication, especially .NET, and testing for SQL Injections becomes very important in such critical applications.
In Backtrack, if we want to test for SQL Injection using SQLMap it needs "python-NTLM" in order to test such applications.
You can find python-ntlm information :
But what if we can do our testing without this library??? Guess how...??? ...Answer is through Burp-suite...
 |
| Configure Burp for NTLM Authentication |
 |
| Configure SQLMap to use Burp Proxy |
Now your SQLMap will attack on your web application through Burp suite which is already taking care of NTLM Authentication :)
http://blog.belure.com/2012/08/sqlmap-ntlm-authentication.html
ReplyDelete