2

At work we have a proxy that requires authentication (Windows username/password) to be able to use.

I am in the situation where I have a program that communicates via port 443 but has no scope for proxy use.

Assuming the firewall cannot be changed is there any way that the program I have can be made to work through the proxy?

My thoughts are along the lines of a 3rd party app that will be proxy aware and capture and route traffic from that one program but I don't know if such things exist. Having said that any solution that will help programs use a proxy when they are not aware of it will be good. :)

Edit: Since posting I've come across SOCKS and some mention that this might be able to help and that there are ways to get non-SOCKS aware clients to use SOCKS...

Chris
  • You don't mention which proxy server you're using, but as an example this is exactly what the Microsoft ISA/TMG client software does. – Chris McKeown Dec 05 '12 at 12:32
  • @ChrisMcKeown: that is in some ways quite deliberate. It may be that I am asking this in the wrong place but I'm not actually a sysadmin so don't have the capability to do anything with the servers (and indeed am therefore not entirely sure what the servers are). I was torn between posting on superuser or here but superuser explicitly says no corporate network related questions which this is. But that's why I'm after something that will change the way the program communicates with the internet at that level rather than changing the network structure. – Chris Dec 05 '12 at 12:42
  • Well, that's pretty much what the ISA/TMG client does - it intercepts (nearly) all network traffic and passes it down an authenticated connection to the ISA/TMG server. – Chris McKeown Dec 05 '12 at 12:47
  • @ChrisMcKeown: Ah, had missed the "client software" phrase on there. I'd seen ISA and assumed it would be a function of the server you were talking about. Mea culpa. – Chris Dec 05 '12 at 12:53

2 Answers

3

You can set up a transparent proxy on your client machine that will have your company's proxy as a parent and add authentication information when forwarding requests to the parent. You will need to install a proxy server that supports transparent proxying (I'd recommend Squid), and you will need a firewall that will redirect your traffic to the proxy server; many Windows firewalls can do that. Google for "squid transparent proxy"; there are a lot of manuals.

Eugene
  • This doesn't answer the question. Non proxy-aware programs will not pass authentication details to a proxy server. Having a transparent proxy will not change this. – Chris McKeown Dec 05 '12 at 12:44
  • It will. Transparent proxy will accept connections redirected by firewall unauthenticated and add authentication when forwarding them to the parent (it will have to have username/password in the config of course). – Eugene Dec 05 '12 at 12:48
  • Ah, you mean running a transparent proxy on the client machines! Sorry, that wasn't clear in your answer. – Chris McKeown Dec 05 '12 at 12:49
  • Ok, edited my answer a bit. – Eugene Dec 05 '12 at 12:52
0

You can just use the Squid Kerberos Authentication Helper, a bit older, but works for most cases.

You will need the client_auth_kerb.zip package. Unpack it and then run:

For the Windows Kerberos variant:

    client_kerb_auth_sspi.exe -s proxy.example.com -P <remote proxy port> -i

For the MIT/Heimdal Kerberos variant:

    client_kerb_auth_gssapi.exe -s proxy.example.com -P <remote proxy port> -i

It will create a local socket to receive unaware application connections and send them to the real proxy server. Configure your local applications' proxy server to localhost:8080.

Depending on your proxy Kerberos/SSPI/GSSAPI configuration, you may need to use the Squid Kerberos Authentication Helper: https://sourceforge.net/projects/squidkerbauth/files/squidkerberizer/squid_kerberizer-1.0.1/
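
Both answers above describe the same pattern: a local listener accepts the unaware program's connection and adds the credentials when opening the tunnel through the parent proxy. The sketch below is an added example, not code from either answer or from Squid. It assumes the parent accepts Basic proxy authentication (a Windows-integrated proxy may require NTLM or Kerberos instead), that the program's traffic is redirected to the listener as the first answer describes, and all hostnames, ports and function names are hypothetical.

```python
import base64
import socket
import threading

PARENT = ("proxy.example.com", 8080)  # assumed parent proxy address
TARGET = ("app.example.com", 443)     # assumed fixed destination of the program
LISTEN = ("127.0.0.1", 8443)          # loopback only, so no other host can reuse the credentials

def build_connect(host, port, user, password):
    """CONNECT request carrying Basic credentials for the parent proxy."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n"
            f"Proxy-Authorization: Basic {token}\r\n\r\n").encode()

def connect_ok(reply):
    """True only for a 2xx status line; 407 means the parent refused the credentials."""
    parts = reply.split(b"\r\n", 1)[0].split()
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1][:1] == b"2"

def pipe(src, dst):
    """Copy bytes one way until either side closes."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        dst.close()

def handle(client, user, password):
    up = socket.create_connection(PARENT, timeout=10)
    up.sendall(build_connect(*TARGET, user, password))
    reply = b""
    while b"\r\n\r\n" not in reply and len(reply) < 8192:
        data = up.recv(4096)
        if not data:
            break
        reply += data
    if not connect_ok(reply):  # fail closed: no tunnel, nothing forwarded
        client.close()
        up.close()
        return
    up.settimeout(None)
    threading.Thread(target=pipe, args=(client, up), daemon=True).start()
    pipe(up, client)

def serve(user, password):
    with socket.create_server(LISTEN) as srv:
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle, args=(client, user, password), daemon=True).start()
```

Calling `serve(user, password)` starts the listener; read the credentials from a prompt or the OS credential store rather than hard-coding them in the script.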