Java HTTPClient 4.5 with NTLM, can't get NTLMv2 authentication

Question

I'm trying to authenticate to a proxy using NTLMv2. But in turn, what I get is authentication using NTLMv1. Proxy supports both types and the client is outside the domain (but has the required credentials).

The client is running on CentOS 6. The proxy is Squid also running on CentOS 6. Windows 2019 as AD.

If I try my PoC using HTTP client 4.5, I see in Wireshark that during negotiation (Message Type 1) the FLAG_REQUEST_TARGET is not set. Looking at the HTTP Client inside NTLMEngineImpl I see:

static String getType1Message(final String host, final String domain) throws NTLMEngineException {
        // For compatibility reason do not include domain and host in type 1 message
        //return new Type1Message(domain, host).getResponse();
        return TYPE_1_MESSAGE.getResponse();
    }

Inside the String getResponse() I don't see the flag being set anywhere.

From a Windows machine with IE, with the same proxy set if I do a request I see in Wireshark the FLAG_REQUEST_TARGET set and after the negotiation it ends up using NTLMv2.

So, is there a way for me to set this flag using the HTTPClient 4.5?

Answer 1

I went for JCIFS.

Although I also have a wrapper for NTLEngineImpl, so, implementing NTLEngine I just need to override the TYPE1 message (and took the code from the real Imp but added a new flag to it).

Anyway, as said, I ended up going to another library.