Forward NTLM authentication to corporate proxy from local proxy server

Solution 1:

Might be a bit late but wanted to mention this nonetheless. No doubt having NTLM support in your script would be great but that would add complexity for no big returns. Might be best to use NTLMAps, Cntlm or Px.

NTLMAps and Cntlm are proxies that do the NTLM auth as an intermediary proxy. However, they both require the user/pass since they are mostly targeted towards Linux users. I historically used these tools on Windows but was annoyed by the same requirement of having to provide the credentials to them and update every time my password changed.

As a result, I've authored Px for Windows which is an HTTP proxy like the above two, but uses SSPI to manage the required authentication with the corporate proxy. All you need to configure is the proxy server and port.

For developing your own apps, the code should also help figure out how to do this within Python and perhaps other languages which have access to SSPI. But you'd rather isolate the NTLM mess and not meddle with it.

Solution 2:

Have you taken a look at these?

NTLM Authorization Proxy Server

Python NTLM

---

Solution 3:

I know this is a really old question, but all the answers I have seen require you to enter your NTLM credentials into some sort of python NTLM proxy handling code. These proxies are also prone to be buggy, in my experience. I created a solution for Windows, which automatically will detect corporate proxy system configurations and also automatically perform NTLM authentication with the current user's credentials. This solution uses pywin32 and COM calls. It isn't pretty, but it works well, so I wanted to pass it along in case it helps someone else.

In the example, I show how to do a POST, but other types of requests should be easy to figure out from this code:

import win32com.client

try:
    import _winreg as winreg
except:
    import winreg

class HTTP:
    proxy = ""
    isProxy = False

    def __init__(self):
        self.get_proxy()

    def get_proxy(self):
        oReg = winreg.ConnectRegistry(None, winreg.HKEY_CURRENT_USER)
        oKey = winreg.OpenKey(oReg, r'Software\Microsoft\Windows\CurrentVersion\Internet Settings')
        dwValue = winreg.QueryValueEx(oKey, 'ProxyEnable')

        if dwValue[0] == 1:
            oKey = winreg.OpenKey(oReg, r'Software\Microsoft\Windows\CurrentVersion\Internet Settings')
            dwValue = winreg.QueryValueEx(oKey, 'ProxyServer')[0]
            self.isProxy = True
            self.proxy = dwValue

    def url_post(self, url, formData):
        httpCOM = win32com.client.Dispatch('Msxml2.ServerXMLHTTP.6.0')

        if self.isProxy:
            httpCOM.setProxy(2, self.proxy, '<local>')

        httpCOM.setOption(2, 13056)
        httpCOM.Open('POST', url, False)
        httpCOM.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded')
        httpCOM.setRequestHeader('User-Agent', 'whatever you want')

        httpCOM.send(formData)

        return httpCOM.responseText

http = HTTP()

print(http.url_post('http://ipecho.net/', 'test=1'))