bdwyertech/gontlm-proxy

gontlm-proxy

🔧 NTLM Proxy Forwarder in Golang.

Overview

This project was inspired by CNTLM & PX. Operating behind a corporate proxy can make using tooling difficult. It can also force you into putting your credentials into ENV variables, definitely not good! The goal here is to leverage the Windows SSPI subsystem to authenticate to your proxy automatically.

Usage

When GoNTLM-Proxy first starts, it reads the configured proxy from the Windows Registry key SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings. The upstream proxy can also be set via the GONTLM_PROXY environment variable.

By default, GoNTLM-Proxy listens locally on port 3128; this can be changed via the GONTLM_BIND environment variable.

Available environment variables

| Variable | Default | Description |
| --- | --- | --- |
| GONTLM_PROXY | On Win: from registry. On MacOS: from scutil. On others: "" | The upstream proxy URL |
| GONTLM_BIND | "http://0.0.0.0:3128" | The IP and port on which the proxy will listen |
| GONTLM_USER | "" | The username used to authenticate to the upstream proxy |
| GONTLM_PASS | "" | The password used to authenticate to the upstream proxy |
| GONTLM_DOMAIN | "" | The domain used to authenticate to the upstream proxy |
| GONTLM_CA | USERS_HOMEDIR/.gontlm-ca.pem | The Certificate Authority used for TLS communication |
| GONTLM_PROXY_VERBOSE | false | Sets the log level for the logging library |
| GONTLM_PROXY_IDLE_TIMEOUT | unset | Sets the IdleTimeout for the proxy. The format is documented in ParseDuration |

Background Task

Running this as a background task is likely preferable to running it as a service. Unfortunately, Windows does not let you run services as users without specifying credentials unless you turn off some Security Policy, and I do not recommend this. The whole purpose of this project, after all, is to remove the need for hardcoded credentials.

Chances are, you want to use this with a CLI tool, so I have found it best to run this as a background job with PowerShell. The beauty of this is that when you close your terminal, it also kills the process.

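function GoNTLM-Enable {
	# Drop any previous job, then start the proxy as a background job of this session
	Remove-Job -Name GoNTLM-Proxy -Force -ErrorAction SilentlyContinue
	Start-Job -Name GoNTLM-Proxy -ScriptBlock { C:\Path\to\gontlm-proxy.exe }
	# Point CLI tools in this session at the local proxy
	$env:http_proxy='http://127.0.0.1:3128'
}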
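
The table above lists 0.0.0.0 (every interface) as the default for GONTLM_BIND, and the proxy authenticates upstream with the logged-on user's identity, so a variant that pins the listener to loopback and checks the result is useful. This is an added example, not code from the gontlm-proxy repository; the function names are hypothetical, the binary path is the placeholder used above, and the GONTLM_BIND value is assumed to follow the format shown in the table.

```powershell
# Added example, not part of the gontlm-proxy project.
$GoNtlmExe  = 'C:\Path\to\gontlm-proxy.exe'   # placeholder path, as in the README
$GoNtlmPort = 3128

function GoNTLM-EnableLocal {
	Remove-Job -Name GoNTLM-Proxy -Force -ErrorAction SilentlyContinue

	# Set GONTLM_BIND inside the job so only the proxy process sees it
	Start-Job -Name GoNTLM-Proxy -ArgumentList $GoNtlmExe, $GoNtlmPort -ScriptBlock {
		param($Exe, $Port)
		$env:GONTLM_BIND = "http://127.0.0.1:$Port"   # assumed value format
		& $Exe
	} | Out-Null

	# Wait up to ~5 seconds for the listener to appear
	$listeners = $null
	foreach ($i in 1..20) {
		$listeners = Get-NetTCPConnection -State Listen -LocalPort $GoNtlmPort -ErrorAction SilentlyContinue
		if ($listeners) { break }
		Start-Sleep -Milliseconds 250
	}
	if (-not $listeners) {
		Receive-Job -Name GoNTLM-Proxy   # surface whatever the job wrote before failing
		throw "gontlm-proxy did not start listening on port $GoNtlmPort"
	}

	# Refuse to continue if the port is reachable from other hosts
	$exposed = $listeners | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
	if ($exposed) {
		Remove-Job -Name GoNTLM-Proxy -Force
		throw "Port $GoNtlmPort is bound to $($exposed.LocalAddress -join ', '), not loopback only"
	}

	$env:http_proxy = "http://127.0.0.1:$GoNtlmPort"
}

function GoNTLM-Disable {
	Remove-Job -Name GoNTLM-Proxy -Force -ErrorAction SilentlyContinue
	Remove-Item Env:http_proxy -ErrorAction SilentlyContinue
}
```

The listener check matches on port only, so a different process already holding port 3128 will also be reported; compare the OwningProcess property of the result if that matters in your environment.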

Service

If you run this as a service, it will run as NT AUTHORITY\SYSTEM. If you wish to run it as another user, you can edit the service after installation.

Install

Release binaries are available under the GitHub Releases page. Alternatively, you can do this the Go way.

$ go get github.com/bdwyertech/gontlm-proxy

Development

$ go run .\cmd\gontlm-proxy\

License

MIT