From 1ac5521038e05aef2273b4237341b3d78a255ce3 Mon Sep 17 00:00:00 2001
From: evilsocket
Date: Fri, 23 Feb 2018 11:46:00 +0100
Subject: [PATCH] fix: fixed a bug in NTLM parser which prevented the HTTP parser from being called.
---
 modules/net_sniff_ntlm.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/modules/net_sniff_ntlm.go b/modules/net_sniff_ntlm.go
index eb774e41..e27b3893 100644
--- a/modules/net_sniff_ntlm.go
+++ b/modules/net_sniff_ntlm.go
@@ -32,6 +32,8 @@ func isResponse(s string) bool {
 func ntlmParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 data := tcp.Payload
 
+ ok := false
+
 for _, line := range strings.Split(string(data), "\r\n") {
 if isNtlm(line) {
 tokens := strings.Split(line, " ")
@@ -39,8 +41,10 @@ func ntlmParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 continue
 }
 if isChallenge(line) {
+ ok = true
 ntlm.AddServerResponse(tcp.Ack, tokens[2])
 } else if isResponse(line) {
+ ok = true
 ntlm.AddClientResponse(tcp.Seq, tokens[2], func(data packets.NTLMChallengeResponseParsed) {
 NewSnifferEvent(
 pkt.Metadata().Timestamp,
@@ -60,5 +64,5 @@ func ntlmParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 }
 }
 }
- return true
+ return ok
 }
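Review bot: The boolean result of `ntlmParser` now carries meaning, but nothing above the signature in the first hunk states what it is. A doc comment such as `// ntlmParser reports whether the payload held an NTLM challenge or response line; false leaves the packet to later parsers such as HTTP.` would record the contract that the commit subject describes. The function body continues past this hunk.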
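Review bot: In the `isResponse` branch of the second hunk, `ok = true` is set before `ntlm.AddClientResponse` runs, so the packet is claimed whether or not the callback ever emits a sniffer event. If the callback fires only when a matching challenge was stored (not visible here), an unmatched response produces no NTLM event and, judging by the commit subject, also bypasses the HTTP parser, so that request leaves no record. If the callback runs synchronously, consider setting `ok = true` inside it next to `NewSnifferEvent(`; otherwise add a comment saying that claiming the packet is intentional. The callback parameter `data` also shadows the outer `data := tcp.Payload`, and a name like `parsed` would avoid the confusion. The callback body continues outside the hunk.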