chrome in --headless mode: Provide credentials/auth for proxy

Question

I am running chrome the following way:

google-chrome --headless --disable-gpu --dump-dom --disable-web-security

Due to a corporate proxy, it seems to be bumping into a authentication popup that is asking to input credentials. How do I inject these credentials on the command line?

Answer 1

They is no direct way to do this. Google don't allow connection to a proxy with login/password in headless mode.

But, I was able to use proxy with credidential by using a MITMProxy. Other technology like Squid would work the same, but are more complicated to use.

The trick is to create a local upstream proxy using MITMProxy that transferred your call through the real proxy you want to use. MITMProxy do the autentification for you.

After installing MITMProxy, you can use it with the command line :

~/mitmdump -p 9000 --mode upstream:http://proxy:port --set upstream_auth=login:password --ssl-insecure

You have to replace ~/mitmdump with your real path to mitmproxy (mitmdump will run it on your console). -p 9000 mean that MITMProxy is listening to http://localhost:9000 so you have to call this proxy with Chrome headless. --mode upstream will tell MITMProxy to redirect your traffic toward the real proxy you want to use. --set upstream_auth allow you to connect with the right credidential. --ssl-insecure allow you to use https and ignore wrong certificate verification.

Then, you juste have to call chrome :

google-chrome --headless --disable-gpu --dump-dom --disable-web-security --proxy-server=http://localhost:9000

Before beeing able to use it properly for https call, you have to import the MITMProxy security certificate with certutil:

certutil -d  sql:$HOME/.pki/nssdb -A -t "C,," -n mitm -i ~/.mitmproxy/mitmproxy-ca-cert.pem

If you have any trouble using this trick, MITMProxy have a well done documentation: https://mitmproxy.org/