The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,318 other followers

Archive for the ‘Windows-Http-Proxy’ Category

Facebook ist in Bezug auf Kundenzufriedenheit und Vertrauen in Umfragen zieml…

Posted by jpluimers on 2020/10/16

Nice thread as it talks a bit about how keep your own stuff secure with companies doing MitM, or have VPN infrastrcuture.

[WayBack] Facebook ist in Bezug auf Kundenzufriedenheit und Vertrauen in Umfragen zieml…

Most larger TLS based web-sites now have HSTS so detect MitM.

Having a proxy locally helps checking the certificates.

Corporate laptops usually has device management. If they use MitM, their root certificates are usually put back automatically. But not all software uses the same root certificate store (:

In the past, I have used [WayBack] cntlm, or VPN (routing only corporate traffic over VPN).

There are corporate VPN variants, which take over the complete routing table or even run arbitrary scripts as root on your box on connect in order to do “endpoint validation”. And then there is OpenVPN, which routes the traffic that the company shall see to the company and lets you use normal connectivity for the rest.

You want openvpn, in all cases.

Another trick I have used is to VPN/SSH out of a corporate box and route some of the traffic over it.

Finally, for some larger corporate VPN software, there is an open source replacement that has better configuration options: OpenConnect supports AnyConnect, Juniper and GlobalProtect.

Related: picture on the right via [WayBack] Torsten Kleinz – Google+

–jeroen

Posted in Cntlm, Encryption, HTTPS/TLS security, Power User, Security, Windows, Windows-Http-Proxy | Leave a Comment »

Dixin’s Blog – Use Fiddler with Node.js

Posted by jpluimers on 2019/10/30

[Archive.is] Dixin’s Blog – Use Fiddler with Node.js Fiddler is an useful HTTP proxy debugger on Windows. It would be nice if it can work with Node.js applications. To do this, just need to proxy Node.js requests through Fiddler… on port 8888.

There is a snippet for it at github/Dixin/CodeSnippets/…/fiddler.js (now moved to [WayBack] github.com/Dixin/Blog/…/Blog/Dixin.Nodejs/fiddler.js)

It complements a few posts I’ve written about Fiddler using port 8888 as a proxy before:

–jeroen

via: [WayBack] Use Fiddler with Node JS – CHUA Chee Wee – Google+

Posted in Cntlm, Development, JavaScript/ECMAScript, Node.js, NTLM, Power User, Scripting, Software Development, Windows, Windows-Http-Proxy | Leave a Comment »

Using Chrome on Windows with a different proxy server than the system one (which is used by Internet Explorer)

Posted by jpluimers on 2019/10/25

By default, Chrome uses the same proxy server as Internet Explorer: the system one that your Chrome settings page accesses from chrome://settings/search#proxy through this command-line call:

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\system32\inetcpl.cpl,,4

There is no GUI way inside Chrome to change this, but there is a command-line parameter: --proxy-server="ipaddress:port"

So create a new shortcut to Chrome, then you can change it.

This comes in very handy if you want to test

  • some sessions through for instance Internet Explorer going through HTTP Fiddler (that defaults at localhost:8888)
  • other sessions through Cntlm (that defaults to localhost:3128)

Some background information:

–jeroen

Posted in Chrome, Cntlm, NTLM, Power User, Web Browsers, Windows, Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows XP, Windows-Http-Proxy | Leave a Comment »

Tools for TCP tunnels over HTTP/HTTPS

Posted by jpluimers on 2019/01/16

With the advent of WebSockets, it looks like TCP tunnels over HTTP/HTTPS are gaining more ground and I need to put some research time in them.

Some old to new links:

CONNECT requests are not supported by many HTTP proxies, especially in larger organisations, so chisel and crowbar have a much bigger chance there.

And of course there is SoftEtherVPN/SoftEtherVPN: A Free Cross-platform Multi-protocol VPN Software. * For support, troubleshooting and feature requests we have http://www.vpnusers.com/. For critical vulnerability please email us. (mail address is on the header.).

However, that is a VPN solution which is much broader than just a single TCP tunnel. You can so similar things with OpenVPN, but over HTTP/HTTPS, also requires CONNECT:

SoftEtherVPN seems to be more versatile though. I blogged about that before, but back then didn’t have needs for it yet. VPN over HTTPS: Ultimate Powerful VPN Connectivity – SoftEther VPN Project.

–jeroen

via: [WayBackVPN through only http – Server Fault answer by [WayBack] neutrinus

Posted in Communications Development, Development, HTTP, https, Internet protocol suite, Network-and-equipment, OpenVPN, Power User, TCP, VPN, WebSockets, Windows-Http-Proxy | Leave a Comment »

Notes and links on proxytunnel, sslh, apache, stunnel, putty, ssh and more

Posted by jpluimers on 2016/12/12

This is based on lots of help from Rui Seabra with a G+ remark I made a while ago: “So what would be a proper way to setup an SSH connection over HTTPS given that the proxy in between is CNTLM providing credentials to an NTLM authenticating proxy that does HTTPS man-in-the-moddle? Clients are Linux or Windows with admin access. On the outside Linux with admin access as well.
This is also becoming more and more relevant with “free” WiFi providers only allowing HTTP/HTTPS and playing HTTPS Man-in-the-Middle.”

So the situation is something like this:

  • client ssh client
  • stunnel client
  • man-in-the-middle HTTP/HTTPS proxy only allowing outgoing traffic on ports 80/443
  • server: sslh
    • server apache daemon
    • stunnel daemon
    • server ssh daemon

Some links:

–jeroen

Posted in Cntlm, Power User, Windows, Windows-Http-Proxy | Leave a Comment »

 
<span>%d</span> bloggers like this: