I am testing NTLM over GSSAPI/SPENGO functionality that our proxy supports.
On mac (OSX 10.8.2), I have got FF (15.0) browser. I have added the proxy to the browser, updated network.negotiate-auth.trusted-uri, network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uri tp point to the forward proxy I am using.
When I browse a website, here is what happens -
(proxy to FF) Proxy-Authenticate: Negotiate
(FF to proxy) Proxy-Authorization: Negotiate YEgGBisGAQUFAqA+MDygDjAMBgorBgEEAYI3AgIKoioEKE5UTE1TU1AAAQAAAAUCiGIAAAAAGAAAAAAAAAAYAAAABgGwHQ8AAAA=
(proxy to FF) Proxy-Authenticate: Negotiate oYHyMIHvoAMKAQGhDAYKKwYBBAGCNwICCqKB2QSB1k5UTE1TU1AAAgAAAAoACgAwAAAABQKJYvNEPJKZ57ZWAAAAAAAAAACcAJwAOgAAAFcAMgAwADAAOAACAAoAVwAyADAAMAA4AAEAFgBWAE0AMQAwAEIAUwBEADAAMgA3ADMABAAoAGQAZQB2AC4AcwBiAHIALgBpAHIAbwBuAHAAbwByAHQALgBjAG8AbQADAEAAdgBtADEAMABiAHMAZAAwADIANwAzAC4AZABlAHYALgBzAGIAcgAuAGkAcgBvAG4AcABvAHIAdAAuAGMAbwBtAAAAAAA=
Then FF does not respond back, instead shows "This Page Cannot Be Displayed"
When I did packetcapture, it shows that FF tries to do NTLMSSP over SPENGO and sends "negTokenInit" with NTLMSSP_NEGOTIATE. When Proxy sends "negTokenTarg" with NTLMSSP_CHALLENGE, the browser does not respond back.
Please let me know if you need any more information.