Is there any proxy software (like proxifier) which can use Kerberos authentication? - kerberos

My company uses PAC file to restrict any outgoing traffic through proxy server. The problem is, a lot of software does not provide the option to 'use IE setting', so that they cannot be connected to the internet.
I checked this PAC file up and found the right proxy server. But after I tried to use the proxy setting for these IE-unfriendly software, they still cannot get online. I used chrome to capture some packages and found the http header containing some Negotiation data. So I assume this proxy server uses some auto login mechanism like NTLM or kerberos.
But after I downloaded the famous Proxifier and tried to reroute the net traffic for some software, NTLM method did not work. I get the 502 error. Bummer...
Any hero comes to help! Am I thinking in the wrong way? Merci beacoup!

This is not a programming question but, did you try
cntlm (http://cntlm.sourceforge.net/) or
ntlmaps (http://ntlmaps.sourceforge.net/)?
Hope this helps

Related

Vue.JS + Socket.IO & Cloudflare

Im trying to run a website with socket.io Vue-Socket.io and want to enable DDOS protection from cloudflare. As I know cloudflare supports websocket-servers such as socket.io.
After I enabled cloudflare successfully and changed the ports of my socket-connection, the google dev console tells me:
Failed to load http://my-domain.com:2083/socket.io/?EIO=3&transport=polling&t=M9uD7PJ: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://my-domain.com.com' is therefore not allowed access. The response had HTTP status code 400.
Someone can tell me what I have to change?
PS: Im working with the vuejs-cli
This is a CORS issue.
In your socket.io server, add the configuration to enable CORS: server.origin().
In your case:
io.set('origins', 'http://my-domain.com:2083');
Again this is a server-side issue, it is just being reflected in Vue. But there's nothing Vue (or the client-side) can do about it.
I played around with some of the examples of #acdcjunior and found a solution finally.
On my server I implemented:
io.set('origins', 'http://my-domain.com:*');
For the clients I connect to the socket server:
export const SocketInstance = socketio('my-domain.com:2082');
don't ask me why, but I tried and tried around for about 7 Hours.. love programming :)

How to use Fiddler in C# with a proxy?

I've been using Fiddler in C#.
So far I'm able to intercept requests. However, I need to set a proxy. I did so, the proxy is set.
In Proxy Settings Windows' form, I have for HTTP and Secure: 127.0.0.1 for Proxy address to use and for the Port, 8888.
This is the same that is done when I use Fiddler application directly.
However, when I set it through my C# code, instead of using Fiddler, I can't navigate. My pages give me the message:
Your connection is not secure
What more do I need to do? What Fiddler do that I'm missing to correctly set a proxy?
Usually if it cant make a secure connection, you need to trust Fiddler's root certificate on your development PC. If you are using Firefox you will have to do an additional step to trust the certificate inside FF.

Can i use localhost as a URL Callback in a messenger webhook

Good evening, just saw that Facebook released his messenger bot toolkit and i immediately jumped right into it to learn more about it and maybe try to do my own.
My problem is that i don't have a https website running and it requires a https valid url. I tried to use my local web-server that has a certificate but it doesn't work.
My question is if this is possible to be done using a localhost url at all.
Thank you in advance
Actually this is possible with localhost. Use ngrok. It allows you to open localhost to the public web, over http or https. This should only be used for testing however.
If you want to test webhooks on your local environment, I would try ultrahook.com, you can get an API Key for free and the tool creates a tunnel from a public URL to your computer. This is from their FAQs page:
You download and run the UltraHook client on your computer. It
connects to UltraHook servers in the cloud and creates a tunnel from a
public endpoint on our servers to your computer. Any HTTP POST
requests sent to the public end point will be sent through the tunnel
an delivered to a private endpoint accessible from your computer.
I have used it to test webhooks from different providers (like payment gateways). In your computer, you can run something like:
ultrahook <subdomain> http://localhost:8000/webhook/
and then configure the webhook URL in your external service to something like <subdomain>.ultrahook.com
My question is if this is possible to be done using a localhost url at all.
No, of course it isn’t – because what such a “callback” actually means, is that Facebook makes a request to your server – and that is hardly possible with localhost.
A valid SSL certificate for your website is easy to get for free these days, via LetsEncrypt. And even if that is not available on your server, there’s still StartSSL, that provide basic certificates for free. All you need is a server you can install them on, or upload them to, or whatever mechanism your hoster provides for it. (And if they don’t provide any, then it might be time to switch.)

weblogic ssl with custom truststore

Is it possible that weblogic uses a custom ssl socket implementation? I'm running into a problem with the JavaMail. Trying to use a smtp ssl connection fails even though I've setup a custom truststore with the mailserver ca. However if I set the javax.net.ssl.trustStore property to use a truststore with the mailserver ca everything works.
This makes me think that weblogic uses their custom sockets or custom config for sockets. While JavaMail relies on the standard mechanisms and will not take into account what's in the weblogic custom truststore.
Any ideas?
(posted as an answer - thanks!)
WebLogic Server doesn't use custom socket implementation that I'm aware of. I've integrated it in the past with a number of client applications or other servers. That being said, SSL is gloriously frustrating to get working right. Can you post the exceptions/errors you're getting in your logs when WebLogic Server tries to make the connection? If you're not seeing anything in the logs, depending on the version of WebLogic Server you're using, there are a number of debug flags you can enable to get more information.
By default WebLogic uses the Certicom SSL implementation. My experience of this library has been nothing but grief. You haven't provided any details of the error but I would enable the Sun implementation to see if that helps. In the "Advanced" tab in the SSL-configuration there is a checkbox called "Use JSSE SSL" which will do it.
Or you can do it with system properties like so:
http://weblogic-wonders.com/weblogic/2010/11/09/enforce-weblogic-to-use-sun-ssl-implementation-rather-than-certicom/

How to create Man in the Middle instrumentation

I'm trying to see how a certain application is talking to a server in SSL. Basically, the process just hangs when it claims to have done some SSL communication. I want to debug the problem by catching the traffic, but I can't really use a sniffer since SSL will probably look like a hexdump.
Is there a good man-in-the-middle tool that I could use as instrumentation? I just need something that will show me the decrypted communication. Hopefully very easy to setup. I could even point the application to any IP address/port available to my machine (eg localhost:8888), so proxies would be fine. Also, I can probably configure the application to accept any certificate.
What do you use to simulate a man-in-the-middle (mitm) SSL attack?
UPDATE: I tried fiddler and can't get it to work. I installed openssl and typed the following command:
openssl s_client -connect smtp.gmail.com:465
Gmail responds with their certificate and a 220 mx.google.com ESMTP .... However, Fiddler does not capture the traffic. I set the WinINET options in fiddler to "Use the same proxy server for all protocols". Can anyone else get this to work (or not work)? I think I need to find a way to have openssl use a proxy.
Fiddler allows you to implement a man in the middle attack against yourself to see what is inside the SSL tunnel.
Fiddler generates a unique root SSL certificate for your computer, and then creates a session certificate signed by the root. When you configure Fiddler to decrypt SSL for you it acts as a proxy between you and the destination, decrypting the traffic using the site's SSL certificate and then re-encrypting it using its own certificate.
Your browser/application will see an untrusted certificate error. You can get around this error by choosing to trust Fiddler's root certificate.
The folks over at .Net Rocks did a great podcast episode on using Fiddler to sniff your traffic.
I haven't use it for this purpose but Fiddler should be able to do what you want.
Fiddler is a Web Debugging Proxy which
logs all HTTP(S) traffic between your
computer and the Internet. Fiddler
allows you to inspect all HTTP(S)
traffic, set breakpoints, and "fiddle"
with incoming or outgoing data.
Fiddler includes a powerful
event-based scripting subsystem, and
can be extended using any .NET
language.
Fiddler is freeware and can debug
traffic from virtually any
application, including Internet
Explorer, Mozilla Firefox, Opera, and
thousands more.
If you are using the amazingly useful Wireshark sniffer, then you can have it decrypt SSL if you are able to provide it the appropriate key files.