Skip to content

Fix HTTP proxy authentication to support both preemptive and challenge-response auth#134

Merged
1 commit merged intowindtf:masterfrom
lhpalacio:http_authentication
Sep 3, 2024
Merged

Fix HTTP proxy authentication to support both preemptive and challenge-response auth#134
1 commit merged intowindtf:masterfrom
lhpalacio:http_authentication

Conversation

@lhpalacio
Copy link
Contributor

@lhpalacio lhpalacio commented Aug 28, 2024

The current HTTP proxy authentication implementation works with clients that use preemptive authentication (like curl) but fails with clients expecting a challenge-response flow (such as Puppeteer and web browsers).

Solution:

  1. Immediately returning a 407 Proxy Authentication Required status when no auth header is present.
  2. Adding a Proxy-Authenticate header to 407 responses, prompting clients to provide credentials.

Testing with Puppeteer:

Should fail before the change and pass after the fix

const puppeteer = require('puppeteer');

(async () => {
  const browser = await puppeteer.launch({
    args: [`--proxy-server=http://0.0.0.0:25345`],
  });

  const page = await browser.newPage();
  await page.authenticate({
    username: 'username',
    password: 'password',
  });

  await page.goto('https://httpbin.org/ip');
  const body = await page.waitForSelector('body');
  const ip = await body.getProperty('textContent');
  console.log(await ip.jsonValue());

  await browser.close();
})();

@ghost ghost merged commit 4a564b5 into windtf:master Sep 3, 2024
artem-russkikh added a commit to artem-russkikh/wireproxy-awg that referenced this pull request Sep 14, 2024
@artem-russkikh @tazz4843 @lhpalacio
Sync fork (#3)
fe2920a 
* Update README (windtf#137)

* Fix broken sandboxing resulting in SIGABRT (windtf#136)

* Fix HTTP proxy authentication to support both preemptive and challenge-response auth (windtf#134)

* Bump version

---------

Co-authored-by: Niko <niko@niko.lgbt>
Co-authored-by: Luiz Henrique Gomes Palácio <lhpalacio@outlook.com>
artem-russkikh added a commit to artem-russkikh/wireproxy-awg that referenced this pull request Jul 22, 2025
@artem-russkikh @tazz4843
@lhpalacio @dependabot @yaroslaff @hrntknr @larsgerber @DirtyHairy @lexandr0s @edevosc2c
Update upstream (#11)
f06d582 
* Update README (windtf#137)

* Fix broken sandboxing resulting in SIGABRT (windtf#136)

* Fix HTTP proxy authentication to support both preemptive and challenge-response auth (windtf#134)

* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 (windtf#146)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.31.0.
- [Commits](golang/crypto@v0.21.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update README.md (windtf#150)

Fixed curl example command to work well with sudo

* Fix PingRecord race condition (windtf#149)

* docs: add syntax highlighting and Go install command (windtf#158)

* docs: add syntax language for codeblocks

* docs: add install instructions for Go

* Make sure that closing one direction closes the other, too. (windtf#159)

* Make sure that closing one direction closes the other, too.

* Pacify linter.

* Bump golang.org/x/net from 0.23.0 to 0.33.0 (windtf#160)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](golang/net@v0.23.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add IPRoyal referral link

* Add hint to run Wireproxy as system daemon in rc.d-based system (windtf#164)

* Add hint for rc.d service

* Update README.md

---------

Co-authored-by: root <root@prox1.example.com>

* fix: issue with omiting endpoint (windtf#157)

fixes windtf#156

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Niko <niko@niko.lgbt>
Co-authored-by: Luiz Henrique Gomes Palácio <lhpalacio@outlook.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yaroslav <yaroslaff@gmail.com>
Co-authored-by: Takanori Hirano <me@hrntknr.net>
Co-authored-by: Lars Gerber <75072836+larsgerber@users.noreply.github.com>
Co-authored-by: Christian Speckner <christian.speckner@mayflower.de>
Co-authored-by: pufferffish <me@windtfw.com>
Co-authored-by: lexandr0s <lexandr0s@users.noreply.github.com>
Co-authored-by: root <root@prox1.example.com>
Co-authored-by: Emilien Devos <121870973+edevosc2c@users.noreply.github.com>
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lhpalacio