Hijacking NTLM-powered Mobile Apps (Part 1 - Cracking with Responder)
Doing a black-box test of a mobile app that uses NTLM authentication to speak to the web service? You may find your typical tools won’t work. Read on for information on intercepting, inspecting, and modifying the API calls. You might even get lucky and crack a clear-test master password.