Skip to main content

HTTP Negotiate (SPNEGO) proxy authentication support for applications.

Project description

HTTP Negotiate (SPNEGO) proxy authentication support for applications. This allows applications that do not support HTTP proxies or do not support HTTP proxies with Negotiate authentication to allow them to safely traverse corporate firewalls without whitelisting IP addresses or MAC addresses and rather relying on secure user authentication. This tool is not intended to bypass firewall or proxy restrictions, in fact this tool was designed for better corporate security and centralized control.

Installation

Install the easy way through PyPi:

$ pip install proxy-negotiate

Or alternatively download and build yourself:

$ git clone https://github.com/cour4g3/proxy-negotiate $ cd proxy-negotiate $ python setup.py install

Usage

On Windows you need to be connected to a domain or alternatively running the MIT Kerberos Ticket Manager, on Linux you need to install and setup the MIT or Heimdal Kerberos client/workstation tools.

nc-negotiate

A netcat-like implementation for use with programs such as SSH; now by simply using ProxyCommand, SSH can safely traverse the proxy through an HTTP CONNECT TCP tunnel.

$ nc-negotiate host port [proxy_host] [proxy_port]

Example of usage with ssh command line:

$ ssh -o ProxyCommand=”nc-negotiate %h %p” myexternalhost.com

Or in your ~/.ssh/config:

Host myexternalhost.com:

ProxyCommand nc-negotiate %h %p

proxy-negotiate

For applications that support proxies but don’t support authentication or don’t support Negotiate, this acts a pseudo-proxy that applies the correct Authorization headers and then passes the connection request on:

$ proxy-negotiate [port] [proxy_host] [proxy_port]

Then set your proxy configuration in your application or alternatively your proxy environment variables:

$ export HTTP_PROXY=http://localhost:8080

Now your application will correctly authenticate through the proxy without knowing how to. It also means no network passwords floating around in arbitary configuration files.

## Todo

  • Better parsing of the http_proxy and other proxy environment variables.

  • Consider methods to route requests from applications that do not support proxies at all.

## License

Licensed under the MIT License.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Proxy-Negotiate-0.2.2.tar.gz (5.2 kB view details)

Uploaded Source

File details

Details for the file Proxy-Negotiate-0.2.2.tar.gz.

File metadata

File hashes

Hashes for Proxy-Negotiate-0.2.2.tar.gz
Algorithm Hash digest
SHA256 cc328a61e719f938d82b54a55c65c50853451b62d7fd515c0aec584f29e27782
MD5 fab184fd65aff556e0c1818a13df06a7
BLAKE2b-256 4a4522ca98d547e428ce5b75fd52afba33253ad59f78b5e464650eceaeda65b5

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page