How do I pass a blank proxy username/password using curl? - bash

I’m using bash shell on Mac El Capitan. How do I pass a blank username/password for a proxy server using curl? I tried this
localhost:tmp davea$ curl http://www.google.com --proxy localhost:9050 --proxy-user "":""
514 Authentication required.
I’m running a tor daemon on my machine using this command
tor --CookieAuthentication 0 --HashedControlPassword "" --ControlPort 9050 --SocksPort 50001
and I’m able to connect through Telnet without entering a password like so
localhost:tmp davea$ telnet localhost 9050
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
AUTHENTICATE
250 OK
so I know that my password, at least, is correct.

Note that when using curl from the command line, the --proxy option is specifically for use with an HTTP proxy which Tor is not, it's a SOCKS proxy.
To get around this, use what Nehal suggested in the comments to use a SOCKS proxy (you'll probably want to use --socks5-hostname instead so the DNS resolution is also performed over Tor as well, otherwise you leak DNS requests locally).
So your call would look like:
curl http://www.google.com -L --socks5-hostname localhost:50001
Side note: The control port (9050) is only used for communicating commands to the controller. This port is not used to proxy requests at all.

Related

How to Use sshuttle on Windows WSL2

We have a Jenkins server which is accessible only from within the VPC on the cloud. On Mac and Linux I use sshuttle to make a ssh connection to the bastion instance (to act a proxy) and open the Jenkins console in the browser. Everything works fine.
Now I'm on Windows and trying to do the same on WSL2. If I'm not mistaken previously, sshuttle didn't work on WSL1 (failed with some error message), but I managed to run it on WSL2 without any issue. The ssh connection is established and I can access my Jenkins (using curl).
Then I tried to access my Jenkins on Windows via WSL2:
1. I found the IP address of WSL2 and the port the ssh tunnle:
# lsof -i -n | grep ssh
sshuttle 1234 rad 5u IPv4 39270 0t0 TCP *:socks (LISTEN)
ssh 5678 rad 3u IPv4 40252 0t0 TCP 172.25.236.84:57578->bastion:ssh (ESTABLISHED)
2. I configured network proxy setting of Firefox (v77) to use my ssh tunnle:
Manual proxy configuration
SOCK host: 172.25.236.84
Port: 1080
SOCKS V5 (tested with V4 as well)
But loading the page fails with "The connection was reset" error on Firefox. I tested via Powershell that the SOCKS port is open and responding (using Test-NetConnection).
1. Any idea what the problem is? How to make it work?
2. If it's not gonna work, is there any other solution (e.g. Docker, etc)?
Thanks.
I'm not sure, but my guess is that sshuttle doesn't actually act as a SOCKS proxy and that's why the connection gets reset.
I managed to access my Jenkins on Windows machine using ssh SOCKS proxy: ssh -D 0.0.0.0:1080 rad#bastion and configured Firefox to use the SOCKS proxy.
Interestingly, for this you don't even need WSL. It seems Windows 10 has OpenSSH and you can use it. Just open CMD and type ssh -D 1080 rad#bastion and setup Firefox to use localhost as the proxy.
If there's any better solution or any comment/concern (apart from DNS over SOCKS) with this approach, please share.
Thanks.
As alternative on WSL(2) you can run a regular SSH tunnel.
Eg:
ssh -N -L 127.0.0.1:5432:some_domain_to_forward:5432 user#jumpbox_ip
and then just connect to 127.0.0.1:5432

Proxy built with netcat not allowing http basic authentication

I made a simple proxy server using nc, here's the one-liner:
mkfifo queueueue
nc -l 8080 <queueueue | nc http://$JENKINS_HOSTNAME 80 >queueueue
It listens on port 8080 and then forwards the data to a connection to our Jenkins server. Jenkins is behind a VPN, and the machine I am running this proxy on has VPN access.
On my other machine (no VPN access), I would like to curl the Jenkins server, here's the command to initiate the request through the proxy:
http_proxy=10.1.10.10:8080 curl --user $JENKINS_USERNAME:$JENKINS_PASSWORD http://$JENKINS_HOSTNAME/api/json
Both the client and the proxy machine are on the same network, I can ping and ssh between them, also, I know that the client is connecting to the proxy server, I think the failure is arising when the client is trying to authenticate, here's the output when I try to curl:
$ http_proxy=10.1.10.10:8080 curl --user $JENKINS_USERNAME:$JENKINS_PASSWORD http://$JENKINS_HOSTNAME/api/json
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved here.</p>
<hr>
<address>Apache Server at $JENKINS_HOSTNAME Port 80</address>
</body></html>
How can I curl through a proxy like this with HTTP Basic Authentication?
I would use ssh for this instead of netcat.
Just to get some confusion out of the way, I will be referring to the node with VPN access as the "server", and the node without VPN access as the "client".
On the server side you should only need to install and have an ssh server running (in my test I have OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011).
On the client side you will need to do the following:
1) in your /etc/hosts file add in the address that your target URL resolves as on the server. I wasn't able to get curl to run DNS lookups through the proxy, which is why this is necessary.
2) setup ssh keys between the server and the client. while this is not necessary, it makes life easier.
3) run the following ssh command to have ssh act as a SOCKS proxy:
user#host$ ssh -vND 9999 <server>
-v is there so you can see what is going on with ssh,
-N tells ssh to not execute a remote command - this is useful for just simple port forwarding
-D this option is what actually forwards your local requests to the server
4) now you should be able to run the curl command you have above, but add in
---socks5 localhost:9999
Your full command will look like this:
curl --user $USER:$PASSWORD --socks5 localhost:9999 http://$JENKINS/api/json
If I can figure out how to forward the DNS requests from curl through ssh I'll update the ticket.
edit: formatting, awful grammar.

Curl error while trying to connect

I always used the curl command, now i have some problems with it.
I do curl --verbose https://testflightapp.com and its failed. the result is:
About to connect() to testflightapp.com port 80 (#0) Trying 110.173.143.147...Operation timed out
If I try manually on the browser its OK.
any solutions?
It seems curl is going to the wrong port: You're requesting a https URL, which, by default, is on port 443, and curl is going to 80.
Check if you have a curl version that supports HTTPS (has openssl/tls bindings).
Cheers,
Ricardo

Amazon EC2 permissions and a simple web server

I just started experiment with EC2 tonight, and got a server running locally. I know it works locally because when I curl http://localhost:8080/hello it outputs hello.
I want to access this from the outside world. I modified my permissions in my security group to allow 8080 access, and then typed in "curl http://ec2-123-45-67-891.compute-1.amazonaws.com:8080/hello" into my local terminal. I got the response "curl: (7) couldn't connect to host".
Do I need to do something differently? (Obviously yes, but what?)
Have you bound your server only to localhost? If so, you'll only be able to connect from localhost.
Check the netstat output for your process with something like:
sudo netstat -ltnp | grep your_server_process
Look for whether your server process is bound to 127.0.0.1:8080 or 0.0.0.0:8080. If the former, then you're only bound to localhost and you need to reconfigure it.
I met the same issue. Try use 0.0.0.0 instead of 127.0.0.1.
You allowed access on 8080, but in your localhost example, it's running on port 80.

How do I use Tor with cURL (in Windows)?

I have Vidalia installed, set up Chrome to use port 8118 for the proxy and I've checked my connection through https://check.torproject.org/ but I'm having difficulties getting this work with the command-line tool cURL. This is what I try:
C:\>curl -v --proxy localhost::9050 http://google.com
* About to connect() to proxy localhost port 0 (#0)
* Failed to connect to ↕: Address not available
* No error
* Trying 127.0.0.1... Failed to connect to 127.0.0.1: Address not available
* No error
* couldn't connect to host
* Closing connection #0
curl: (7) Failed to connect to ↕: Address not available
Solved:
curl -v --socks4a localhost:9050 http://check.torproject.org/
Use --socks5 (two dashes). -socks5 is not a valid parameter for curl, so curl is interpreting it as a hostname.
Turns out this entire mess was just syntax problems. A proper command is here:
curl -v --socks4a localhost:9050 http://check.torproject.org/
With TWO dashes before socks4a and ONE colon before the port.
More updated response using socks5.
curl -v --socks5 localhost:9150 http://check.torproject.org/
So, using port 9150 for socks 5.

Resources