The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,778 other followers

Archive for the ‘Windows-Http-Proxy’ Category

Using Chrome on Windows with a different proxy server than the system one (which is used by Internet Explorer)

Posted by jpluimers on 2019/10/25

By default, Chrome uses the same proxy server as Internet Explorer: the system one that your Chrome settings page accesses from chrome://settings/search#proxy through this command-line call:

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\system32\inetcpl.cpl,,4

There is no GUI way inside Chrome to change this, but there is a command-line parameter: --proxy-server="ipaddress:port"

So create a new shortcut to Chrome, then you can change it.

This comes in very handy if you want to test

  • some sessions through for instance Internet Explorer going through HTTP Fiddler (that defaults at localhost:8888)
  • other sessions through Cntlm (that defaults to localhost:3128)

Some background information:

–jeroen

Posted in Chrome, Power User, Web Browsers, Windows, Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows XP, Windows-Http-Proxy | Leave a Comment »

Tools for TCP tunnels over HTTP/HTTPS

Posted by jpluimers on 2019/01/16

With the advent of WebSockets, it looks like TCP tunnels over HTTP/HTTPS are gaining more ground and I need to put some research time in them.

Some old to new links:

CONNECT requests are not supported by many HTTP proxies, especially in larger organisations, so chisel and crowbar have a much bigger chance there.

And of course there is SoftEtherVPN/SoftEtherVPN: A Free Cross-platform Multi-protocol VPN Software. * For support, troubleshooting and feature requests we have http://www.vpnusers.com/. For critical vulnerability please email us. (mail address is on the header.).

However, that is a VPN solution which is much broader than just a single TCP tunnel. You can so similar things with OpenVPN, but over HTTP/HTTPS, also requires CONNECT:

SoftEtherVPN seems to be more versatile though. I blogged about that before, but back then didn’t have needs for it yet. VPN over HTTPS: Ultimate Powerful VPN Connectivity – SoftEther VPN Project.

–jeroen

via: [WayBackVPN through only http – Server Fault answer by [WayBack] neutrinus

Posted in Communications Development, Development, HTTP, https, Internet protocol suite, Network-and-equipment, OpenVPN, Power User, TCP, VPN, WebSockets, Windows-Http-Proxy | Leave a Comment »

Notes and links on proxytunnel, sslh, apache, stunnel, putty, ssh and more

Posted by jpluimers on 2016/12/12

This is based on lots of help from Rui Seabra with a G+ remark I made a while ago: “So what would be a proper way to setup an SSH connection over HTTPS given that the proxy in between is CNTLM providing credentials to an NTLM authenticating proxy that does HTTPS man-in-the-moddle? Clients are Linux or Windows with admin access. On the outside Linux with admin access as well.
This is also becoming more and more relevant with “free” WiFi providers only allowing HTTP/HTTPS and playing HTTPS Man-in-the-Middle.”

So the situation is something like this:

  • client ssh client
  • stunnel client
  • man-in-the-middle HTTP/HTTPS proxy only allowing outgoing traffic on ports 80/443
  • server: sslh
    • server apache daemon
    • stunnel daemon
    • server ssh daemon

Some links:

–jeroen

Posted in Cntlm, Power User, Windows, Windows-Http-Proxy | Leave a Comment »

Research notes on Diffie Hellman over WebSockets over a MittM http proxy to setup an encapsulated secure channel

Posted by jpluimers on 2015/06/17

Inspired by CloudFlare Keyless SSL, I have this idea of using Diffie Hellman over WebSockets over a MittM based http proxy (which intercepts and decrypts HTTPS traffic) like mitmproxy (but them from a commercial vendor to inspect web traffic) to setup an encapsulated secure channel.

I know SSH uses Diffie Hellman to setup a secure channel over a binary TCP connection.

Binary communication over HTTP usually means WebSocket.

I don’t want WebSSH (which does use WebSockets, but is probably filtered by the MitM proxy anyway).

Maybe either of these open source tools will work:

If these don’t work, I need to do more research.

Since I use C# and .NET for much of my work, I started the WebSocket over HTTP C# query.

c# – How to use proxies with the WebSocket4Net library – Stack Overflow.

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, HTTP, Internet protocol suite, Linux, Power User, SSH, SuSE Linux, TCP, WebSockets, Windows, Windows-Http-Proxy | Leave a Comment »

Error during: git svn clone “RA layer request failed: PROPFIND request failed on” means fix your proxy configuration

Posted by jpluimers on 2015/05/22

When during a git svn clone you get an error message starting with “RA layer request failed: PROPFIND request failed on” it means you have to set your git svn proxy.

This is in a different location than the git proxy setting (it would be too easy if these were the same, right?).

So you do not get/set it through commands like these:

git config --global --get http.proxy
git config --global http.proxy localhost:3128

Via Cannot do git-svn fetch behind proxy and  git svn clone died of signal 11 under cygwin (thanks janosFredrik Pihl and User Pavel, I found out that you need to change these files (create the .subversion directory and servers file when they do not exist):

  • Windows:
    • %HomeShare%\.subversion\servers
    • %UserProfile%\.subversion\serverssour
  • Linux:
    • ~/.subversion/servers

If you ever run in the same problem with the regular SVN client, then you need to change yet different files (why have 1 standard when you can have many?):

  • Windows:
    • %AppData%\Roaming\Subversion\servers
  • Linux:
    • ~/Subversion/servers

Ensure a section like this exists and fill in the blanks:

[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
http-proxy-host = YOURPROXY.com
http-proxy-port = YOURPORT
# http-proxy-username = defaultusername
# http-proxy-password = defaultpassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.
# ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem<

Notes:

In some poorly managed networked environments, the %AppData% environment variable can be wrong, so make sure your Windows profile is not somewhere on a network share.

TortoiseGit seems to use yet another directory for GIT SVN server configuration.

–jeroen

via:

Posted in Cntlm, DVCS - Distributed Version Control, git, Power User, Source Code Management, SourceTree, Windows, Windows-Http-Proxy | Leave a Comment »

 
%d bloggers like this: