How to fill in proxy information in cntlm config file

Question

Cntlm is an NTLM   NTLM Session Response   NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world     I have my proxy URL in the following format   http   user passwords my proxy server com 80   And I have to provide this information to cntlm  Its config file cntlm ini has following structure and parameters   Username  Domain Password     Proxy      I am not sure  how to break up my original proxy property to fill these four options

User · Answer

Once you generated the file  and changed your password  you can run as below   cntlm -H   Username will be the same  it will ask for password  give it  then copy the PassNTLMv2  edit the cntlm ini  then just run the following  cntlm -v

User · Answer

Just to add   if you are performing a  pip  operation   you might need to add and additional  --proxy localhost port number   e g pip install --proxy localhost 3128 matplotlib  Visit this link to see full details

User · Answer

The solution takes two steps   First  complete the user  domain  and proxy fields in cntlm ini  The username and domain should probably be whatever you use to log in to Windows at your office   eg   Username            employee1730 Domain              corporate Proxy               proxy infosys corp 8080   Then test cntlm with a command such as  cntlm exe -c cntlm ini -I -M http   www bbc co uk   It will ask for your password  again whatever you use to log in to Windows    Hopefully it will print  http 200 ok  somewhere  and print your some cryptic tokens authentication information  Now add these to cntlm ini  eg   Auth            NTLM PassNT          A2A7104B1CE00000000000000007E1E1 PassLM          C66000000000000000000000008060C8   Finally  set the http proxy environment variable in Windows  assuming you didn t change with the Listen field which by default is set to 3128  to the following  http   localhost 3128

User · Answer

Without any configuration  you can simply issue the following command  modifying myusername and mydomain with your own information    cntlm -u myusername -d mydomain -H   or  cntlm -u myusername mydomain -H   It will ask you the password of myusername and will give you the following output   PassLM          1AD35398BE6565DDB5C4EF70C0593492 PassNT          77B9081511704EE852F94227CF48A793 PassNTLMv2      A8FC9092D566461E6BEA971931EF1AEC      Only for user  myusername   domain  mydomain    Then create the file cntlm ini  or cntlm conf on Linux using default path  with the following content  replacing your myusername  mydomain and A8FC9092D566461E6BEA971931EF1AEC with your information and the result of the previous command    Username    myusername Domain      mydomain  Proxy       my proxy server com 80 NoProxy     127 0 0    192 168    Listen      127 0 0 1 5865 Gateway     yes  SOCKS5Proxy 5866  Auth        NTLMv2 PassNTLMv2  A8FC9092D566461E6BEA971931EF1AEC   Then you will have a local open proxy on local port 5865 and another one understanding SOCKS5 protocol at local port 5866

User · Answer

For me just using cntlm -H wasn t generating the right hash  but it does with the command below providing the user name   If you need to generate a new password hash for cntlm  because you have change it or you ve been forced to update it  you can just type the below command and update your cntlm conf configuration file with the output     cntlm -u test -H Password   PassLM          D2AABAF8828482D5552C4BCA4AEBFB11 PassNT          83AC305A1582F064C469755F04AE5C0A PassNTLMv2      4B80D9370D353EE006D714E39715A5CB      Only for user  test   domain

User · Answer

Update your user  domain  and proxy information in cntlm ini  then test your proxy with this command  run in your Cntlm installation folder    cntlm -c cntlm ini -I -M http   google ro   It will ask for your password  and hopefully print your required authentication information  which must be saved in your cntlm ini  Sample cntlm ini   Username            user Domain              domain    provide actual value if autodetection fails   Workstation         pc-name  Proxy               my proxy server com 80 NoProxy             127 0 0    192 168    Listen              127 0 0 1 54321 Listen              192 168 1 42 8080 Gateway             no  SOCKS5Proxy         5000   provide socks auth info if you want it   SOCKS5User          socks-user socks-password    printed authentication info from the previous step Auth            NTLMv2 PassNTLMv2      98D6986BCFA9886E41698C1686B58A09   Note  on linux the config file is cntlm conf

User · Answer

Here is a guide on how to use cntlm  What is cntlm   cntlm is an NTLM NTLMv2 authenticating HTTP proxy  It takes the address of your proxy and opens a listening socket  forwarding each request to the parent proxy  Why cntlm   Using cntlm we make it possible to run tools like choro  pip3  apt-get from a command line  pip3 install requests choco install git   The main advantage of cntlm is password protection   With cntlm you can use password hashes   So NO PLAINTEXT PASSWORD in  HTTP PROXY  and  HTTPS PROXY  environment variables  Install cntlm  You can get the latest cntlm release from sourceforge  Note  Username and domain  My username is zezulinsky  My domain is local  When I run commands I use zezulinsky local  Place your username when you run commands  Generate password hash  Run a command  cntlm -u zezulinsky local -H   Enter your password   Password    As a result you are getting hashed password   PassLM          AB7D42F42QQQQ407552C4BCA4AEBFB11 PassNT          PE78D847E35FA7FA59710D1231AAAF99 PassNTLMv2      46738B2E607F9093296AA4C319C3A259   Verify your generated hash is valid  Run a command  cntlm -u zezulinsky local -M http   google com   Enter your password  Password    The result output  Config profile  1 4    OK  HTTP code  301  ----------------------------  Profile  0  ------ Auth            NTLMv2 PassNTLMv2      46738B2E607F9093296AA4C319C3A259 ------------------------------------------------   Note  check that PassNTLMv2 hash is the same The resulting hash is the same for both commands  PassNTLMv2      46738B2E607F9093296AA4C319C3A259   Change configuration file  Place generated hashes into the cntlm ini configuration file  C  Program Files  x86  Cntlm cntlm ini   Here is how your cntlm ini should look like  Username    zezulinsky Domain      local PassLM      AB7D42F42QQQQ407552C4BCA4AEBFB11 PassNT      PE78D847E35FA7FA59710D1231AAAF99 PassNTLMv2  46738B2E607F9093296AA4C319C3A259  Proxy       PROXYSERVER 8080 NoProxy     localhost  127 0 0   Listen      3128   Note  newline at the end of cntlm ini  It is important to add a newline at the end of the cntlm ini configuration file  Set your environment variables  HTTPS PROXY http   localhost 3128 HTTP PROXY http   localhost 3128   Check that your cntlm works  Stop all the processes named cntlm exe with process explorer  Run the command  cntlm -u zezulinsky local -H   The output looks like  cygwin warning    MS-DOS style path detected  C  Program Files  x86  Cntlm cntlm ini   Preferred POSIX equivalent is   Cntlm cntlm ini   CYGWIN environment variable option  nodosfilewarning  turns off this warning    Consult the user s guide for more details about POSIX paths      http   cygwin com cygwin-ug-net using html using-pathnames section  local  Username    zezulinsky  section  local  Domain    local  section  local  PassLM    AB7D42F42QQQQ407552C4BCA4AEBFB11  section  local  PassNT    PE78D847E35FA7FA59710D1231AAAF99  section  local  PassNTLMv2    46738B2E607F9093296AA4C319C3A259  section  local  Proxy    PROXYSERVER 8080  section  local  NoProxy    localhost  10    127 0 0   section  local  Listen    3128  Default config file opened successfully cntlm  Proxy listening on 127 0 0 1 3128 Adding no-proxy for   localhost  Adding no-proxy for   10    Adding no-proxy for   127 0 0    cntlm  Workstation name used  MYWORKSTATION cntlm  Using following NTLM hashes  NTLMv2 1  NT 0  LM 0  cntlm  PID 1234  Cntlm ready  staying in the foreground   Open a new cmd and run a command   pip3 install requests   You should have requests python package installed  Restart your machine  Congrats  now you have cntlm installed and configured

[proxy] How to fill in proxy information in cntlm config file?

Examples related to proxy