12.6 Exercises

  • Write a fake helper for Basic authentication that always returns either OK or ERR.

  • Use tcpdump or Ethereal to capture some HTTP requests. Decode the authorization credentials.

  • If you're using NTLM, capture some HTTP requests and attempt a replay attack.

  • Kill Squid's authentication helper processes one-by-one while running tail -f cache.log.

  • Find out what happens to your favorite NTLM-based authenticator when it can't communicate with the NT domain controller.


