Created
June 19, 2017 01:00
-
-
Save mancubus77/9b68256c2774c04289dec922570b5a62 to your computer and use it in GitHub Desktop.
How to pass corporate proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From here: | |
https://www.howtoforge.com/linux-ntlm-authentication-proxy-isa-server-with-cntlm | |
About Cntlm proxy | |
Quoted from the official ctnlm sourceforge.net Website: "Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world. You can use a free OS and honor our noble idea, but you can't hide. Once you're behind those cold steel bars of a corporate proxy server requiring NTLM authentication, you're done with. The same even applies to 3rd party Windows applications, which don't support NTLM natively. | |
. | |
Here comes Cntlm. It stands between your applications and the corporate proxy, adding NTLM authentication on-the-fly. You can specify several "parent" proxies and Cntlm will try one after another until one works. All auth'd connections are cached and reused to achieve high efficiency. Just point your apps proxy settings at Cntlm, fill in cntlm.conf (cntlm.ini) and you're ready to do. This is useful on Windows, but essential for non-Microsoft OS's. | |
Cntlm integrates TCP/IP port forwarding (HTTP tunneling), SOCKS5 proxy mode, standalone proxy allowing you to browse intranet as well as Internet and to access corporate web servers with NTLM protection. There are many advanced features like NTLMv2 support, password protection, password hashing, completely mutliplatform code (running on just about every architecture and OS out there) and so much more. Cntlm eats up so little resources it can be used on embedded platforms as well - it's written in plain C without any external dependencies. | |
Cntlm has been tested against various ISA servers, WinGate, NetCache, Squid and Tinyproxy with and without NTLM auth." | |
About this tutorial | |
This tutorial assumes you have a clean install of Debian 7. | |
1. Install CNTLM | |
Update your sources: | |
apt-get update | |
Update your installation: | |
apt-get upgrade | |
Install application: | |
apt-get install cntlm | |
2. Configure CNTLM | |
Once installed edit the configuration file: | |
nano /etc/cntlm.conf | |
Set username, domain, remote proxy, and address with port which local proxy will listen to. Here will listen only in local interface: | |
Username testuser | |
Domain contoso.com | |
Proxy 10.0.0.41:8080 | |
Listen 127.0.0.1:3128 | |
Generate password hash: | |
cntlm -H | |
You will see something like this: | |
Password: | |
PassLM 7F4BB72132BAA2A01FA94BD623A70D3B | |
PassNT 2C27BB146F74625D159413FC1F30745F | |
PassNTLMv2 D3972609581D8260868ED588303F0FF0 # Only for user 'testuser', domain 'contoso' | |
Copy these lines to /etc/cntlm.conf | |
3. Configure Debian to use the CNTLM proxy: | |
Execute this line to configure system to use the local proxy: | |
export http_proxy=http://127.0.0.1:3128/ | |
4. Configure CNTLM to listen external network: | |
If you need to use CNTLM as a proxy server, add this line to /etc/cntlm.conf (assuming 10.0.0.1 is the local address): | |
Listen 127.0.0.1:3128 | |
Listen 10.0.0.1:3128 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment