The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,497 other followers

Archive for the ‘Windows-Http-Proxy’ Category

Tools for TCP tunnels over HTTP/HTTPS

Posted by jpluimers on 2019/01/16

With the advent of WebSockets, it looks like TCP tunnels over HTTP/HTTPS are gaining more ground and I need to put some research time in them.

Some old to new links:

CONNECT requests are not supported by many HTTP proxies, especially in larger organisations, so chisel and crowbar have a much bigger chance there.

And of course there is SoftEtherVPN/SoftEtherVPN: A Free Cross-platform Multi-protocol VPN Software. * For support, troubleshooting and feature requests we have http://www.vpnusers.com/. For critical vulnerability please email us. (mail address is on the header.).

However, that is a VPN solution which is much broader than just a single TCP tunnel. You can so similar things with OpenVPN, but over HTTP/HTTPS, also requires CONNECT:

SoftEtherVPN seems to be more versatile though. I blogged about that before, but back then didn’t have needs for it yet. VPN over HTTPS: Ultimate Powerful VPN Connectivity – SoftEther VPN Project.

–jeroen

via: [WayBackVPN through only http – Server Fault answer by [WayBack] neutrinus

Posted in Communications Development, Development, HTTP, https, Internet protocol suite, Network-and-equipment, OpenVPN, Power User, TCP, VPN, WebSockets, Windows-Http-Proxy | Leave a Comment »

Notes and links on proxytunnel, sslh, apache, stunnel, putty, ssh and more

Posted by jpluimers on 2016/12/12

This is based on lots of help from Rui Seabra with a G+ remark I made a while ago: “So what would be a proper way to setup an SSH connection over HTTPS given that the proxy in between is CNTLM providing credentials to an NTLM authenticating proxy that does HTTPS man-in-the-moddle? Clients are Linux or Windows with admin access. On the outside Linux with admin access as well.
This is also becoming more and more relevant with “free” WiFi providers only allowing HTTP/HTTPS and playing HTTPS Man-in-the-Middle.”

So the situation is something like this:

  • client ssh client
  • stunnel client
  • man-in-the-middle HTTP/HTTPS proxy only allowing outgoing traffic on ports 80/443
  • server: sslh
    • server apache daemon
    • stunnel daemon
    • server ssh daemon

Some links:

–jeroen

Posted in Cntlm, Power User, Windows, Windows-Http-Proxy | Leave a Comment »

Research notes on Diffie Hellman over WebSockets over a MittM http proxy to setup an encapsulated secure channel

Posted by jpluimers on 2015/06/17

Inspired by CloudFlare Keyless SSL, I have this idea of using Diffie Hellman over WebSockets over a MittM based http proxy (which intercepts and decrypts HTTPS traffic) like mitmproxy (but them from a commercial vendor to inspect web traffic) to setup an encapsulated secure channel.

I know SSH uses Diffie Hellman to setup a secure channel over a binary TCP connection.

Binary communication over HTTP usually means WebSocket.

I don’t want WebSSH (which does use WebSockets, but is probably filtered by the MitM proxy anyway).

Maybe either of these open source tools will work:

If these don’t work, I need to do more research.

Since I use C# and .NET for much of my work, I started the WebSocket over HTTP C# query.

c# – How to use proxies with the WebSocket4Net library – Stack Overflow.

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, HTTP, Internet protocol suite, Linux, Power User, SSH, SuSE Linux, TCP, WebSockets, Windows, Windows-Http-Proxy | Leave a Comment »

Error during: git svn clone “RA layer request failed: PROPFIND request failed on” means fix your proxy configuration

Posted by jpluimers on 2015/05/22

When during a git svn clone you get an error message starting with “RA layer request failed: PROPFIND request failed on” it means you have to set your git svn proxy.

This is in a different location than the git proxy setting (it would be too easy if these were the same, right?).

So you do not get/set it through commands like these:

git config --global --get http.proxy
git config --global http.proxy localhost:3128

Via Cannot do git-svn fetch behind proxy and  git svn clone died of signal 11 under cygwin (thanks janosFredrik Pihl and User Pavel, I found out that you need to change these files (create the .subversion directory and servers file when they do not exist):

  • Windows:
    • %HomeShare%\.subversion\servers
    • %UserProfile%\.subversion\serverssour
  • Linux:
    • ~/.subversion/servers

If you ever run in the same problem with the regular SVN client, then you need to change yet different files (why have 1 standard when you can have many?):

  • Windows:
    • %AppData%\Roaming\Subversion\servers
  • Linux:
    • ~/Subversion/servers

Ensure a section like this exists and fill in the blanks:

[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
http-proxy-host = YOURPROXY.com
http-proxy-port = YOURPORT
# http-proxy-username = defaultusername
# http-proxy-password = defaultpassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.
# ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem<

Notes:

In some poorly managed networked environments, the %AppData% environment variable can be wrong, so make sure your Windows profile is not somewhere on a network share.

TortoiseGit seems to use yet another directory for GIT SVN server configuration.

–jeroen

via:

Posted in Cntlm, DVCS - Distributed Version Control, git, Power User, Source Code Management, SourceTree, Windows, Windows-Http-Proxy | Leave a Comment »

Debugging problems with the network proxy (via: The Chromium Projects)

Posted by jpluimers on 2015/05/08

In this case, another tool didn’t obtain the right Proxy settings.

Chrome to the rescue as chrome://net-internals/#proxy shows you the system proxy settings:

When browsers are experiencing network problems, generally the first thing to test is your network proxy settings. Misconfigured settings, or misbehaving settings, can have a profound impact on your network traffic possibly resulting in pages not loading at all.

Main take aways: chrome://net-internals/#proxy

Since then, I created this small batch file:

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | findstr proxy

And this one to edit the settings:

"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL inetcpl.cpl,,4

It will open the same Window that your Control Panel or Internet Explorer uses to manage connection and proxy settings.
From there click the “LAN Settings” button to edit the proxy configuration.

–jeroen

via: Debugging problems with the network proxy – The Chromium Projects.

Posted in Power User, Windows, Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows XP, Windows-Http-Proxy | Leave a Comment »

 
%d bloggers like this: