Menu
I have configured CNTLM Proxy Authorization on Windows with configuration file looking like,
Auth NTLM
PassNT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PassLM YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
PassNTLMv2 ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
Proxy proxy.xxxx.com:8080
Listen 3130
And I use localhost:3130 as proxy in LAN Settings, hit any URL on browser and it is asking for the password again!. If I enter the same password with which I generated the hash, it works. Simply the purpose of Cntlm is beaten. Has anybody faced this? How does this work? Is there any way to get around this problem?
654
Just go to that folder and open command prompt(keep pressing shift key and then right click gives you option to open command prompt at that folder.) and execute that exe(the one you see at start menu start cntlm server). Now you will see if service started successfully or not!
About Cntlm proxy Cntlm (user-friendly wiki / technical manual) is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world. You can use a free OS and honor our noble idea, but you can't hide.
Cntlm integrates TCP/IP port forwarding (HTTP tunneling), SOCKS5 proxy mode, standalone proxy allowing you to browse intranet as well as Internet and to access corporate web servers with NTLM protection.
<EDIT> If you are using Windows then I strongly recommend px over Cntlm since it doesn't need any handsake mechanism.
Notes on px:
It is primarily designed to run on Windows systems and authenticates on behalf of the application using the currently logged in Windows user account
</EDIT>
1) Install CNTLM to default directory (on Windows, C:\Program Files (x86)\cntlm\ ).
2) Run cmd.exe
3) Type : cd "C:\Program Files (x86)\cntlm\"
4) Type : cntlm.exe -H -d your_domain -u your_username
It will ask your password. Enter your password and cntlm will give you some hashes. Something like this:
c:\Program Files (x86)\Cntlm>cntlm -H -d your_domain -u your_username
Password:
PassLM 4E9C185900C7CF0B6FFCB2044F81920C
PassNT 6E9F120B83EEA0E875CE8E6F9730EC9A
PassNTLMv2 2A0B7C2457FB7DD8DA4EB737C4FA224F
Now you have password hashed. Save them to a text editor.
5) Type : cntlm -M http://www.google.com
Again enter your password. It will give you something like this:
c:\Program Files (x86)\Cntlm>cntlm -M http://www.google.com
Password:
Config profile 1/4... Credentials rejected
Config profile 2/4... OK (HTTP code: 302)
----------------------------[ Profile 1 ]------
Auth NTLM
PassNT 6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM 4E9C185900C7CF0B6FFCB2044F81920C
------------------------------------------------
Now you see that profile 2 is successful. Because it says OK for profile 2. It may be different on your system.
The trick is,
Now we got all we want. For my configuration, Auth says NTLM so I will use both PassNT and PassLM in the cntlm.ini configuration file.
This is an example configuration file NTLM (not NTLMv2!):
#
# Cntlm Authentication Proxy Configuration File
#
Username yourusername
Domain yourdomain
Auth NTLM
PassNT 6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM 4E9C185900C7CF0B6FFCB2044F81920C
Workstation yourhostname.yourdomain
# Most probably proxy.yourdomain:8080
Proxy yourProxyIP:yourProxyPort
NoProxy localhost, 127.0.0.*, 10.*, 192.168.*
Listen 3132
Gateway yes
# end of config
6) To test your configuration, type: cntlm -c cntlm.ini -I -M http://www.google.com
7) To start cntlm, type: net start cntlm
Now you can use your computer's IP address and port 3132 as a proxy.
You can get the latest Cntlm binaries here: http://cntlm.sourceforge.net/
125
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
