Warning surpression

Author: jheysel-r7

lib/msf/core/exploit/remote/http_server/relay/ntlm/server_client.rb

@@ -224,7 +224,7 @@ def handle_type3(parsed_type3)
           logger.print_status("Anonymous Identity - Successfully authenticated against relay target #{@ldap_client.target.ip}")
           @ldap_client.disconnect! if @ldap_client
         else
-          logger.print_good("Successfully relayed NTLM authentication to LDAP!")
+          logger.print_good("Identity: #{identity} -  Successfully relayed NTLM authentication to LDAP!")
           logger.on_relay_success(relay_connection: @ldap_client, relay_identity: identity)
         end
 

lib/msf/core/exploit/remote/relay/ntlm/target/ldap/client.rb

@@ -55,11 +55,21 @@ def relay_ntlmssp_type1(client_type1_msg)
       )
     end
 
+    # Determines whether the relay connection originated from an HTTP server.
+    #
+    # @return [Boolean] true if the provider's class name contains 'httpserver', false otherwise.
+    def is_http_source?
+      @provider && @provider.class.name.to_s.downcase.include?('httpserver')
+    end
+
     # @param [String] client_type3_msg
     # @rtype [Msf::Exploit::Remote::Relay::NTLM::Target::RelayResult, nil]
     def relay_ntlmssp_type3(client_type3_msg)
       ntlm_message = Net::NTLM::Message.parse(client_type3_msg)
-      if ntlm_message.ntlm_version == :ntlmv2
+
+      # Suppress the warning for HTTP sources because they can safely relay NTLMv2 type 3 messages. During testing
+      # non-Windows HTTP clients that sent NTLMv2 type 3 messages were able to be relayed to LDAP without issue.
+      if ntlm_message.ntlm_version == :ntlmv2 && !is_http_source?
         logger.print_warning('Relay client\'s NTLM type 3 message is NTLMv2, relaying to LDAP will not work')
       end