Skip to content

Instantly share code, notes, and snippets.

@xdu
Last active August 29, 2015 14:26
Show Gist options
  • Save xdu/451df5d7cb9828148c89 to your computer and use it in GitHub Desktop.
Save xdu/451df5d7cb9828148c89 to your computer and use it in GitHub Desktop.
Setup a HTTP proxy behind a NTML proxy

Proxy Authentication

A proxy server may ask a client to be authenticated before using the relay. The authentication method can be Basic or NTLM. To find out which method is used by the browser, you can use chrome to open www.google.com and inspect the request headers.

If the headers contain a line like "Proxy-Authorization:NTLM xxxx", it means the proxy uses NTLM to authenticate the user. For the command line applications such as maven or vagrant, even eclipse, they cannot make use this kind proxy server directly, because they don't know how to generate the NTLM authentication hash.

Open a command window and type

set http_proxy=http://proxy.mycompany.com:8080
curl -v http://www.google.com

You'll see that the authentication fails.

NTLM HTTP Proxy

To solve the problem you need to setup a authentication proxy between the company proxy and the client. Download Cntlm from http://cntlm.sourceforge.net/ and unzip the file, then open a command window

cntlm.exe -I -M http://www.google.com -u USER@DOMAIN proxy.mycompany.com:8080

The program will prompt you to enter your windows user password and generate the NTLMv2 hash. Now you open the file cntlm.ini in the same folder as cntlm.exe, put the generate hash to the PassNTLMv2.

cntlm.exec -c cntlm.ini

Setup the proxy environment

set http_proxy=http://localhost:3128
set https_proxy=https://localhost:3128
curl -v http://www.google.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment