nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com

npcap 0.99-r2 breaks corporate proxy on Chrome (Windows) #84

Open ghost opened 6 years ago

ghost commented 6 years ago

Observed behaviour

We have a corporate proxy that is configured automatically (WPAD?) and uses the user's login to authenticate against. After installing the nmap 7.7 bundle (containing npcap 0.99-r2) Chrome couldn't connect to the proxy any more, so no "external" sites could be accessed.

Expected behaviour

npcap 0.99-r2 should not interfere with Chrome accessing a corporate proxy

Steps to reproduce

  1. Have a corporate proxy with auto configuration ("Automatically detect settings" set in Windows Internet settings)
  2. Install nmap-7.70-setup.exe, choose to install npcap 0.99-r2
  3. Try to access pages that need the proxy to work with Chrome. "Local" pages that are not accessed through the proxy still work.
  4. Chrome will respond with a DNS resolution error.

Notes

Interestingly both Firefox and IE were not affected by this. I also have a local proxy running on my machine. I need to use it for software that can't properly detect the corporate proxy. For testing purposes, I configured it in Windows. That didn't fix the problem with Chrome. I have tried both WinPCAP-API-Mode installation and "normal" installation. As soon as npcap is installed, Chrome doesn't work any more.

Steps to fix

Uninstall npcap 0.99-r2 via the control panel.

Versions

ghost commented 6 years ago

I've seen nmap/nmap#1165 so I tried both the WinPCAP-API version and the "standard" one but the behaviour doesn't change for me.

dmiller-nmap commented 6 years ago

Thanks for this bug report. Can you please provide output of DiagReport made while Npcap is installed and causing problems? Also, what is shown when you use Chrome to go to chrome://net-internals/#proxy?

While we would much rather solve the problem directly, I think a likely workaround would be uninstalling the Npcap Loopback Adapter by either deselecting "Support loopback traffic" in the Npcap installer or by running NPFInstall.exe -ul from the Npcap installation directory (usually C:\Program Files\Npcap\). This will prevent Nmap or other tools from being able to see or scan your own local system, but all outbound scanning and capture will still work fine.

ghost commented 6 years ago

Installing without loopback support seemed to do the trick. NMAP is working as expected, still Chrome works, too. I have included the DiagReport and Chrome's proxy settings. If you need me to install it once again with the "Support loopback traffic" and generate the report, please let me know.

DiagReport-20180406-080148.txt

chrome://net-internals/#proxy

Effective proxy settings
PAC script: http://wpad/wpad.dat
Source: SYSTEM

Original proxy settings
Auto-detect
Source: SYSTEM