forked from genotrance/px
-
Notifications
You must be signed in to change notification settings - Fork 0
An HTTP proxy server to automatically authenticate through an NTLM proxy
License
orney21d/px
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Px is a HTTP(s) proxy server that allows applications to authenticate through an NTLM proxy server, typically used in corporate deployments, without having to deal with the actual NTLM handshake. It is primarily designed to run on Windows systems and authenticates on behalf of the application using the currently logged in Windows user account. Px is very similar to "NTLM Authorization Proxy Server" (http://ntlmaps.sourceforge.net/) and Cntlm (http://cntlm.sourceforge.net/) in that it sits between the corporate proxy and applications and offloads the NTLM authentication. The primary difference in Px is to use the currently logged in user's credentials to log in automatically rather than requiring the user to provide the username, password (hash) and domain information. This is accomplished by using Microsoft SSPI to generate the tokens and signatures required to authenticate with the NTLM proxy. NTLMAps and Cntlm were designed for non-Windows users stuck behind a corporate proxy. As a result, they require the user to provide the correct credentials to authenticate. On Windows, the user has already logged in with his credentials so Px is designed for Windows users who would like to use tools that aren't designed to deal with NTLM authentication, without having to supply and maintain the credentials within Px. The following link from Microsoft provides a good starting point to understand how NTLM authentication works: https://msdn.microsoft.com/en-us/library/dd925287.aspx Configuration Px requires only one piece of information in order to function - the server name and port of the NTLM proxy server. This needs to be configured 5C8D in px.ini. Without this, Px will not work and exit immediately. The noproxy capability allows Px to connect to hosts in the configured subnets directly, bypassing the NTLM proxy altogether. This allows clients to connect to hosts within the intranet without requiring additional configuration for each client or at the NTLM proxy. There are a few other settings to tweak in the INI file but most are self-explanatory. A few of the settings can be specified on the command line for convenience. px --proxy=proxyserver.com:80 --noproxy=0.0.0.0/0 --debug The binary distribution of Px runs in the background once started and can be quit by running "px --quit". When run directly using Python, use CTRL-C to quit. Dependencies Px doesn't have any GUI and runs completely in the background. It is distributed using Python 3.x and PyInstaller to have a self-contained executable but can also be run using a Python distribution with the following additional packages. netaddr, psutil, pywin32 futures on Python 2.x In order to make Px a capable proxy server, it is designed to run in multiple processes. The number of parallel workers or processes is configurable via px.ini. However, this only works on Python 3.3+ since that's when support was added to share sockets across processes in Windows. On older versions of Python, Px will run multi-threaded but in a single process. Feedback Px is definitely a work in progress and any feedback or suggestions are welcome. It is hosted on GitHub (https://github.com/genotrance/px) with an MIT license so issues, forks and pushes are most appreciated. Credits Px is based on code from all over the internet and especially acknowledges these sources:- http://stackoverflow.com/questions/2969481/ntlm-authentication-in-python http://www.oki-osk.jp/esc/python/proxy/ http://stupidpythonideas.blogspot.com/2014/09/sockets-and-multiprocessing.html https://curl.haxx.se/mail/lib-2014-09/0070.html https://github.com/fl4re/curl/blob/master/lib/curl_sasl_sspi.c
About
An HTTP proxy server to automatically authenticate through an NTLM proxy
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published
Languages
- Python 98.4%
- Batchfile 1.6%