From ea0925f8778fee42bdf9acbfcdb2e57aa27f7fdb Mon Sep 17 00:00:00 2001
From: Ashley Donaldson
Date: Tue, 7 Sep 2021 10:31:01 +1000
Subject: [PATCH] Support Extended Protection for Authentication

---
 lib/rex/proto/http/client.rb | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/rex/proto/http/client.rb b/lib/rex/proto/http/client.rb
index d766b3eb4f..bb82f2337c 100644
--- a/lib/rex/proto/http/client.rb
+++ b/lib/rex/proto/http/client.rb
@@ -511,7 +511,7 @@ class Client
 ntlm_challenge = resp.headers['WWW-Authenticate'].scan(/#{provider}([A-Z0-9\x2b\x2f=]+)/ni).flatten[0]
 return resp unless ntlm_challenge
 
- ntlm_message_3 = ntlm_client.init_context(ntlm_challenge)
+ ntlm_message_3 = ntlm_client.init_context(ntlm_challenge, channel_binding)
 
 # Send the response
 opts['headers']['Authorization'] = "#{provider}#{ntlm_message_3.encode64}"
@@ -529,7 +529,14 @@ class Client
 end
 end
 
- #
+ def channel_binding()
+ if self.conn.peer_cert.nil?
+ nil
+ else
+ Net::NTLM::ChannelBinding.create(OpenSSL::X509::Certificate.new(self.conn.peer_cert))
+ end
+ end
+
 # Read a response from the server
 #
 # Wait at most t seconds for the full response to be read in.
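Review bot: `channel_binding` in the second hunk calls `self.conn.peer_cert` without checking that the connection object implements that method, and the first hunk now calls it on every NTLM handshake rather than only over TLS. The socket class is not visible in this patch, so this is inferred: if the plain-HTTP socket has no `peer_cert`, the handshake would raise NoMethodError instead of sending an unbound Type 3 message. A guard such as `return nil unless conn.respond_to?(:peer_cert) && conn.peer_cert` at the top of the method makes that fallback explicit. The method also has no comment; it should say that it builds the TLS channel-binding token from the server certificate for Extended Protection for Authentication, and that a nil return means the NTLM response is not bound to the channel.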