Our corporate network has a nice proxy screening all internet activity. Requests without AD credentials are refused (unless exceptions are set up). This is a bit problematic as we can access content from the browser, but not from the command line.
For powershell, this works:
$wc = new Net.WebClient()
$wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$wc.DownloadString('http://www.google.com')
But of course, tools that try to access the internet, or things like Vagrant up can't do this. Any ideas on what we can do to attach our credentials to any and all network requests (specially those from the command line)?
I should add that http and https are both blocked by the proxy when credentials aren't supplied.
Related
I have windows server ( AWS Workspace ) which uses a proxy server for internet access. I set the proxy in "Network and Internet" -> "Proxy" -> "Manual proxy setup" -> and . After setting up the proxy, my internet access through the browser started to work fine. But, when I try to run my java code using the command prompt, the internet access fails and libraries fails to download. The same libraries are accessible via browser.
Is there anything specific to be done, to direct the internet traffic through proxy for cmd prompt?
We are using squid proxy.
The "command prompt" does not have proxy settings.
Windows applications that use the WinInet or WinHTTP libraries for HTTP connections generally follow the users proxy settings. Applications/libraries that uses plain sockets do not get automatic proxy handling, they need to call WinHttpGetIEProxyConfigForCurrentUser to retrieve the proxy configuration.
For Java, you can try System.setProperty("java.net.useSystemProxies", "true");
I'm new in JMeter and my topic seems to be very similar to another ones already existing. However, it is not - I was trying already all the solutions for the errors that I get and nothing works :/
I have already set up all proxy settings and certificates, and it's working fine (with the same settings) on the other VM.
Outside the recording, I can see proper 'No Internet' warning:
enter image description here
However, once started recording, there are errors in the console and the front end of the application does not look like originally:
enter image description here
Please help! I've already done all the recommendations for clearing caches, SSL, removing files in Windows32 archive and so on...
You should try recording your script using Blazemeter Chrome Extension. Hope, this resolve your issue.
It might be the case there are differences in machines themselves, not in JMeter settings, for example this No Internet message most probably means that the browser is connected to JMeter's proxy server, but JMeter itself cannot connect to the internet.
Try creating a simple manual Test Plan with a single HTTP Request sampler to open http://example.com website. If the request will be successful - you will need to double check your browser and JMeter configuration. However if you get the UnknownHostException instead it may mean that:
Networking configuration of the machine is incorrect (it cannot access the Internet)
The machine requires an upstream Proxy server in order to be able to access Internet resources so you will need to make JMeter aware of this proxy server by passing appropriate command line arguments to the JMeter startup script:
jmeter -E https -H my.proxy.server -P 8000 -u username -a password -N localhost
in order to make the changes permanent you can define:
http.proxyScheme
http.proxyHost
http.proxyPort
https.proxyHost
https.proxyPort
in system.properties file and http.proxyDomain in user.properties file, check out Apache JMeter Properties Customization Guide for more information on JMeter properties and ways of setting and overriding them
I am working with a self-hosted servicestack webservice on a Windows 10 machine and I am trying to enable https on it. What I have done so far is this:
1) I have created a wildcard cert using our companies cert server and exported it with the private key.
2) I have installed the cert on my dev machines' "LocalMachine/Personal" cert store.
3) I have run the following commands from the command line:
netsh http add sslcert ipport=0.0.0.0:{DefaultConfig.DefaultSslPort} certhash={sha1} appid={{{appId}}}
netsh http add urlacl url=https://+:{DefaultConfig.DefaultSslPort}/ user=everyone
4) I added the following to my Program.cs
var listeningOn = $"http://*:{DefaultConfig.DefaultPort}/";
appHost.Start(new[]{ listeningOn, $"https://*:{DefaultConfig.DefaultSslPort}/" });
Now when I launch the project, the http binding works no problem the webservice loads and works as expected. However when I try the https binding, the browser shows that a connection was made and the cert is valid (green lock appears and network traffic shows connection succeeding) however the server responds with:
HTTP Error 503. The service is unavailable.
Clearly it is available (as the Http binding proves) but there is some disconnect between windows and servicestack and I don't really know where to look for answers on this. I have tried a bunch of search phrases but they all seem to tell me to check/do what I have already checked/done or the results are specific to a particular application/framework/OS and have not been helpful.
Ok, so counter to MANY MANY MANY posts out there, you should NOT reserve the url using:
netsh http add urlacl url=https://+:{DefaultConfig.DefaultSslPort}/ user=everyone
When self-hosting with ServiceStack. I don't know why (if you know why, feel free to post a comment) but this makes windows unable to pass the https request down to your self-hosted site. I checked this by downloading ServiceStack source code and put a break point on the connection callback that is the entry point for any incoming connections. The breakpoint is never hit, therefore the request never gets to Servicestack.
Once I removed the URL reservation, everything worked fine.
I was trying to install Rubygems on my Windows 7 machine and had to authenticate myself with a corporate proxy server. I saw several people on various forums with the same problem, and the common solution seemed to be
set http_proxy=http://username:password#www-domain.com:80
While this did work for me and allowed me to download the Rubygems that I needed, I spoke with a security professional about the security of typing the password in plaintext like that, and he did a packet capture with Wireshark and was able to see my credentials. Is there a way to pass credentials in securely through the command line? I know that a lot of other Ruby developers at my company would like to download gems and need a way to authenticate themselves, but I'd prefer to find a secure solution before I help anyone else out.
No, because you connect with http to your proxy, the crendials will be send in cleartext by design.
If your company cares about security, you should connect via https:// to your http proxy.
I have the following problem. I have an application (3rd party) that needs to connect to API via a proxy to request various data again and again. The application has a configuration section where the necessary details can be entered (the app then stores them in a config.ini file). However, one client doesn't like the proxy user/password to be stored in config files;
As I don't have access to the application's code, the simplest solution I can think of is something along the lines of a tunnel, i.e. write a simple app/script that would open a connection to the proxy, prompts the user for the username/password and then keep the connection open so that the application can access the proxy without needing username/password everytime. Is something like this possible? I mean I don't to create sort of full blown proxy that would sit between the app and the real proxy server, all I really want is something like a session so that once the IP is authorized to get through the proxy, the consequent requests go through as well.
I'd appreciate help and/or any suggestions for an alternate solution
p.s. the app is win32 only so the solution is for win32 only as well (ie no cygwin, etc.)
Thank you
Proxy credential caching typically works on a per-process basis, not a per-machine basis. So, having Application A make a request through the proxy rarely allows Application B to make a request without getting challenged.
If you can change the application's code, make a single request through the proxy using the desired credentials; e.g. make a HEAD request for your server's homepage. Most HTTP stacks (e.g. WinINET) will cache the proxy credentials for the life of the process.