How to use direct connection applications behind a Kerberos proxy - proxy

I have a corporate proxy using Squid and Kerberos for authentication. The proxy is configured for standard use, i.e. it allows HTTP, HTTPS and a few others and blocks everything else. Now, there are many applications that support basic proxy authentication but do not support Kerberos-based authentication, and many others that connect directly to the internet. I used Proxifier before the upgrade to Kerberos to make my applications use the proxy, but I cannot do so now. I then installed an application called Px to create a proxy that connects to Kerberos, but the proxy it creates is a simple HTTP proxy and Proxifier doesn't work correctly with it. Does anyone have a setup for a situation like this? I use Windows 10 and I obviously don't have access to the server where Squid is configured. The application I need to connect to the internet uses standard HTTPS ports; it's not a torrent application nor anything that uses the ports blocked by Squid. Thanks in advance.

OK, for this particular case I've found the following setup to solve 99% of my problems.
First get Px here: https://github.com/genotrance/px
Next get Fiddler: http://www.getfiddler.com/dl/Fiddler4BetaSetup.exe
Configure Px with your user and your domain and run it. By default it creates a running proxy on 127.0.0.1:3128.
Configure your system proxy to use the proxy supplied by Px.
Execute Fiddler; it should create ANOTHER proxy at 127.0.0.1:8888.
Use this proxy in your apps. Proxifier should work as well.
Why use Fiddler and not 127.0.0.1:3128 directly? Px creates a pure HTTP proxy, and Fiddler allows you to tunnel HTTPS and CONNECT requests through it.
Any requests will pass through Fiddler, which will redirect them to the Px proxy, which will redirect them to the Squid proxy (so expect very slow speeds).
In the end, since you're just redirecting your apps towards your proxy, if your proxy bans using regex expressions or direct IP connections, some apps will NOT work, and in these cases using Tor or a VPN is the only real solution. Hope it helps someone avoid all the headaches I went through.

Related

Effectively bypass chatgpt cloudflare by using different proxy package or different cloud service provider in restricted countries

I have a ChatGPT account, but as I am located in a restricted country, I tried to use an AWS proxy (US server) to log in to ChatGPT. A few weeks ago it worked, but now I get an error message: access denied, error code 1020. I used tinyproxy in stealth mode at first, but since I was unable to pass through Cloudflare, I guessed the proxy was probably not good enough to disguise itself as a proxy, so I tried squid vpn in stealth mode and algo vpn, but none of them worked (I tried AWS servers in countries other than the US as well). So far, I figure ChatGPT has probably just banned all connections from Amazon, or perhaps my proxy is just not smart enough to pass through Cloudflare? What other options are there? Is there any recommended free VPN proxy that I could install on my AWS EC2 instance, or should I perhaps try other, less-known cloud services instead, e.g. local cloud services in other non-restricted countries? Besides, I have considered using other free proxies from the internet, but as I need to log in to my Gmail, is it dangerous to do so? Or, since it's HTTPS, should my username and password be encrypted?
I have the same problem. Simple SSH tunneling works: you can use a jump server to bypass your country first and then use a different server as the proxy, because some of your VPS servers get banned by IP, so you may have to use another VPN with a different proxy.
ssh -D <port for the SOCKS5 connection, e.g. 10808> -J <user>@<jump server IP> <user>@<final server IP>
Then you can use the "FoxyProxy" extension to set up a SOCKS5 proxy that uses the specified port (10808 in this example) to route your browser traffic through the tunnel to the final server.
Or you can use something like sshuttle, but I was fine with this simple tunneling method in GFW.

How to connect a Laravel Sail instance with an SSH tunnel?

I have a Laravel app which needs to connect to a secure external API with very strict access requirements. There is a handler hosted on AWS which has a bunch of signed certificates etc. The only way to connect to that API is via that specific server due to those requirements.
Now, to test things on my local machine, I do the following:
SSH to the server using the -D flag to set up a SOCKS proxy.
Use this socks to http package to convert the proxy.
Set up Postman's proxy settings to use that http proxy.
That all works fine and I can complete the requests as expected.
However, I'd like to be able to use the proxy in my local Laravel environment too, for which I use Sail.
The problem is that I'm unsure of how to get the container to interact with the proxy. Using the method above in my local machine, I can cURL the required endpoint just fine, but if I try to do it via the container itself, it refuses to connect.
Any help would be appreciated!

WSO2 ESB proxy service on Windows

I'm using the WSO2 ESB to integrate several services on a Windows virtual machine.
I used the simple proxy to map the services deployed on it. But the problem is that I can't access them from outside it, even though port 8280, where the services are deployed, is open to the internet; I can see only a blank page instead. What could be wrong?
Another question: I was trying to map the WSO2 ESB management console itself to be available from outside the machine using the simple proxy, and I failed; it loads me the this is what I see on trying the service.
Could you please give me a hint on how to resolve this issue? Is it possible to share the ESB mgmt console using the ESB itself?
Thanks a lot in advance,
Do you have a proxy in the middle? In the screenshot it looks like the web page is missing all pictures, while the CSS was loaded successfully.
Another question: which kind of virtual machine do you use? For example, in VirtualBox the virtual machine is behind NAT by default.
I wasn't able to connect to a server on the virtual machine from the host, only the opposite way: a server on the host was available in the virtual machine.
To make a server in the virtual machine available on the host, you need to configure the network as a bridge.
Not sure if it helps, but I think I had a similar problem in our corporate network after I applied all the security patches (POODLE, Diffie-Hellman etc.). I had to configure the addresses in catalina.xml (if I remember right) that are/under which allowed to access the admin console. Cannot tell you more details because I'm on holiday :-)
Maybe it's worth giving it a try.
Another example from real life. The HTTP response from the external resource was application/json, with response status 200 OK. The ESB was configured to use
<messageFormatter contentType="application/json"
class="org.apache.synapse.commons.json.JsonStreamFormatter"/>
but the content was simple text/plain.
While parsing the body of the HTTP response, an exception was thrown and was just silently written to the log, without any fault message processing. Just an empty response to the client.
To check that the services are reachable, there is an echo service on the server by default, which responds with content equal to the request. Try using it.
"was trying to map the WSO2 ESB management console itself to be available from outside the machine using simple proxy"
By default the management console tries to enforce port 9443 for dynamic links (JSP pages). That's why you see only part of the pages, and you shouldn't be able to log on.
What you can do is edit repository/conf/tomcat/catalina-server.xml and, to the Connector running on port 9443, add the attribute proxyPort="443"; the Carbon console will be happy to run on 443.
For the services, my educated guess would be the firewall / network rules; however, without other information I cannot answer (or they are working, just you may not try to access them by a simple browser request).

Apache forward proxy that handles https

I followed the example in the following SO question to successfully set up an Apache forwarding proxy: Setting up an Apache Proxy with Authentication
It works well, except that when accessing sites via https, it says it cannot find the site. For example, Chrome gives
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
And on the server, I do not even see something in the access logs. For my proxy settings, I have configured the same for http and https (i.e. port 80 on my proxy server).
Do you perhaps have an example of how to set up a forward proxy with Apache for https?
It seems the only thing I was missing is that I had not enabled mod_proxy_connect which was achieved with
sudo a2enmod proxy_connect
To quote the mod_proxy_connect documentation page:
"This module requires the service of mod_proxy. It provides support for the CONNECT HTTP method. This method is mainly used to tunnel SSL requests through proxy servers."
Are you attempting to terminate the SSL or just trying to create a forward proxy without handling any SSL certs? The issue that you are having is because during HTTPS proxying, the browser attempts to create an HTTP tunnel and it seems that your server is not correctly configured to handle tunneling. You can see another example here: Implementing a Simple HTTPS Proxy Application.
Here is another helpful thread on proxying HTTPS traffic with HTTP tunneling: Tunnel over HTTPS.
If you can choose something else other than Apache, I would suggest you use a robust forward proxy such as Squid or TrafficServer that are built to handle this type of setup.
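The check below is an added example, not code from the posts above: it sends the same CONNECT request a browser issues for an https:// URL and reports whether the proxy agrees to open the tunnel, which is the capability mod_proxy_connect adds. `start_stub_proxy` is a constructed stand-in for a proxy (its 405 refusal is an assumption about how a proxy without CONNECT support answers), and `example.com:443` is a placeholder target.

```python
import socket
import threading

def probe_connect(proxy_host, proxy_port, target="example.com:443", timeout=3.0):
    """Send CONNECT to a forward proxy; return (status_code, reason_phrase)."""
    request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(request)
        data = b""
        while b"\r\n" not in data:          # only the status line is needed
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    parts = data.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP response: {data[:40]!r}")
    return int(parts[1]), parts[2] if len(parts) > 2 else ""

def classify(status):
    """Map the proxy's answer to what it means for HTTPS through the proxy."""
    if 200 <= status < 300:
        return "tunnel established: CONNECT is supported"
    if status == 407:
        return "proxy authentication required before CONNECT"
    return "CONNECT refused: HTTPS tunnelling will fail"

def start_stub_proxy(connect_enabled):
    """Constructed stand-in for a proxy (serves one connection); returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            buf = conn.recv(4096)           # the probe's request fits in one read
            ok = connect_enabled and buf.startswith(b"CONNECT ")
            conn.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n" if ok
                         else b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for enabled in (True, False):
        status, reason = probe_connect("127.0.0.1", start_stub_proxy(enabled))
        print(enabled, status, reason, "->", classify(status))
```

Pointed at a real proxy (host and port of your own server), a refusal here matches the browser's ERR_TUNNEL_CONNECTION_FAILED, and a 407 means the proxy wants credentials before it will tunnel.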

How does proxy bypass firewall filter?

I am wondering how the proxy will bypass the content filter within the firewall?
For example, if you are in China and try to connect to facebook, the GFW will block it. But if you use proxy server, then you can connect through. What is the logic here?
Thanks,
The firewall blocks the web address from being accessed. A proxy has a different web address and is therefore accessible. However, the proxy is able to access the web address as it is outside the firewall. It sends the HTML code from the webpage to be accessed to your computer.
Think of the proxy as a middleman. It gets you what you want and then sends it to you, without you ever accessing the webpage directly and alerting the firewall.
