What are the prerequisites for obtaining a client's Net-NTLM hash via the HTTP protocol?
The client's user authentication method must be set to "Automatic logon with current user name and password" (registry value `1A00` set to `0`), or the client and server must be in the same Intranet zone with the default setting. Without these conditions, the client will prompt for credentials instead of automatically sending the hash. These constraints also apply to tools like Responder and Inveigh when capturing HTTP-based hashes.
Intranet zone, registry modification, automatic logon, Responder, Inveigh