genotrance / px

An HTTP proxy server to automatically authenticate through an NTLM proxy
MIT License

Windows winkerberos SSPI can't get the credential #131

Closed omeyssonnier closed 2 years ago

omeyssonnier commented 2 years ago

Hello, I installed px.exe (https://github.com/genotrance/px/releases/tag/2019-05-20). I put the credential into Credential Manager (Generic credential) as:

px:proxy.corporate.fr user: \

But px can't connect to this proxy: Error 407

The logs:

MainProcess: Thread_3: 1645699742: get_response_wkb: winkerberos SSPI
MainProcess: Thread_3: 1645699742: fwd_data: Reading response data
MainProcess: Thread_3: 1645699742: do_socket: Entering
MainProcess: Thread_3: 1645699742: do_socket: GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?f310418d962cdf2e HTTP/1.1
MainProcess: Thread_3: 1645699742: do_socket: Sending Proxy-Connection: Keep-Alive
MainProcess: Thread_3: 1645699742: do_socket: Sending Accept: */*
MainProcess: Thread_3: 1645699742: do_socket: Sending User-Agent: Microsoft-CryptoAPI/10.0
MainProcess: Thread_3: 1645699742: do_socket: Sending Host: ctldl.windowsupdate.com
MainProcess: Thread_3: 1645699742: do_socket: Sending Proxy-Authorization: Negotiate YIGBBgYrBgEFBQKgdzB1oDAwLgYKKwYBBAGCNwICCgYJKoZIgvcSAQICBgkqhkiG9xIBAgIGCisGAQQBgjcCAh6iQQQ/TlRMTVNTUAABAAAAl7II4ggACAA3AAAADwAPACgAAAAKAGNFAAAAD0RWRERQUkJGV0IwMDAwMURFVkIxRURW
MainProcess: Thread_3: 1645699742: do_socket: Sending extra Proxy-Authorization: sanitized len(802)
MainProcess: Thread_3: 1645699742: do_socket: Reading response code
MainProcess: Thread_3: 1645699742: do_socket: Response code: 407 True
MainProcess: Thread_3: 1645699742: do_socket: Reading response headers
MainProcess: Thread_3: 1645699742: do_socket: Received Via: 1.1 10.114.80.218 (McAfee Web Gateway 9.2.6.35079), 1.1 OPPR5VDR1-INTERNET, 1.1 OPPR5VDR1-FRONT
MainProcess: Thread_3: 1645699742: do_socket: Received Date: Thu, 24 Feb 2022 10:49:02 GMT
MainProcess: Thread_3: 1645699742: do_socket: Received Content-Type: text/html
MainProcess: Thread_3: 1645699742: do_socket: Received Cache-Control: no-cache
MainProcess: Thread_3: 1645699742: do_socket: Received Content-Length: 154
MainProcess: Thread_3: 1645699742: do_socket: Received X-Frame-Options: deny
MainProcess: Thread_3: 1645699742: do_socket: Received Proxy-Connection: Keep-Alive
MainProcess: Thread_3: 1645699742: do_socket: Received Proxy-Authenticate: sanitized (9)
MainProcess: Thread_3: 1645699742: do_socket: Received Proxy-Authenticate: sanitized (4)
MainProcess: Thread_3: 1645699742: do_GET: Error 407
MainProcess: Thread_3: 1645699742: fwd_resp: Entering
MainProcess: Thread_3: 1645699742: log_message: "GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?f310418d962cdf2e HTTP/1.1" 407 -
MainProcess: Thread_3: 1645699742: fwd_resp: Returning Via: 1.1 10.114.80.218 (McAfee Web Gateway 9.2.6.35079), 1.1 OPPR5VDR1-INTERNET, 1.1 OPPR5VDR1-FRONT
MainProcess: Thread_3: 1645699742: fwd_resp: Returning Date: Thu, 24 Feb 2022 10:49:02 GMT
MainProcess: Thread_3: 1645699742: fwd_resp: Returning Content-Type: text/html
MainProcess: Thread_3: 1645699742: fwd_resp: Returning Cache-Control: no-cache
MainProcess: Thread_3: 1645699742: fwd_resp: Returning Content-Length: 154
MainProcess: Thread_3: 1645699742: fwd_resp: Returning X-Frame-Options: deny
MainProcess: Thread_3: 1645699742: fwd_resp: Returning Proxy-Connection: Keep-Alive
MainProcess: Thread_3: 1645699742: fwd_resp: Returning Proxy-Authenticate: Negotiate
MainProcess: Thread_3: 1645699742: fwd_resp: Returning Proxy-Authenticate: NTLM
MainProcess: Thread_3: 1645699742: fwd_data: Reading response data
MainProcess: Thread_3: 1645699742: fwd_data: Content length 154
MainProcess: Thread_3: 1645699742: fwd_resp: Done
MainProcess: Thread_3: 1645699742: do_GET: Done

Have you got any idea?

What is wrong? ... I verified the password

genotrance commented 2 years ago

The generic credential internet or network address needs to be "Px" exactly. That's what Px will try to pull.
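
An added example, not part of the thread and not px's own code: a small Python helper that reads a px debug log in the format shown above, reports which authentication path and token type each request used, and replaces the `Proxy-Authorization` token with a short description so the log can be shared without it. The log lines and token are constructed samples, and the names `describe_token` and `inspect` are hypothetical.

```python
import base64
import re
import struct

# Constructed sample: an NTLMSSP NEGOTIATE (type 1) message behind placeholder
# wrapper bytes, placed in log lines shaped like the ones in the issue.
SAMPLE_TOKEN = base64.b64encode(
    b"\x60\x28" + b"\x00" * 8 + b"NTLMSSP\x00" + struct.pack("<II", 1, 0) + b"\x00" * 16
).decode()
SAMPLE_LOG = [
    "MainProcess: Thread_1: 1700000000: get_response_wkb: winkerberos SSPI",
    "MainProcess: Thread_1: 1700000000: do_socket: Sending Proxy-Authorization: Negotiate " + SAMPLE_TOKEN,
    "MainProcess: Thread_1: 1700000000: do_socket: Response code: 407 True",
]

AUTH_RE = re.compile(r"(Proxy-Authorization: (?:Negotiate|NTLM) )([A-Za-z0-9+/=]+)")
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def describe_token(b64):
    """Name the NTLMSSP message type carried in a base64 token, if any."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "undecodable"
    pos = raw.find(b"NTLMSSP\x00")
    if pos < 0 or len(raw) < pos + 12:
        return "no NTLMSSP message"
    # The 4-byte little-endian message type follows the 8-byte signature.
    (mtype,) = struct.unpack_from("<I", raw, pos + 8)
    return "NTLMSSP " + NTLM_TYPES.get(mtype, "type %d" % mtype)

def inspect(lines):
    """Return (redacted_lines, findings) for a px debug log."""
    redacted, findings = [], []
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            kind = describe_token(m.group(2))
            findings.append("token: " + kind)
            line = line[:m.start(2)] + "[redacted " + kind + "]" + line[m.end(2):]
        elif "winkerberos SSPI" in line:
            findings.append("auth path: SSPI")
        elif "Response code: 407" in line:
            findings.append("proxy answered 407")
        redacted.append(line)
    return redacted, findings

if __name__ == "__main__":
    print("\n".join(inspect(SAMPLE_LOG)[0]))
```
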