I am a software and security engineer!
savely-krasovsky / escobar Goto Github PK
View Code? Open in Web Editor NEWLike cntlm but for Kerberos
License: Apache License 2.0
Like cntlm but for Kerberos
License: Apache License 2.0
Hi,
downstream proxy answers with 407 even though at least req in ServeHTTP contains the header so I assume it is indeed sent to the proxy (cannot sniff).
When I use a https target using CONNECT method it works.
escobar mode == auto
It would be nice to support Windows Service. Now users have to just start it from cmd.exe
and leave it open forever.
Golang already has some support of it, so it shouldn't be hard to implement: https://pkg.go.dev/golang.org/x/sys/windows/svc?tab=doc
Can we have no_proxy option in config?
There is no way to use universal no_proxy setting across all services and apps in system: https://about.gitlab.com/blog/2021/01/27/we-need-to-talk-no-proxy/
So it would be helpful to configure proxy bypassing in one place like in Preproxy.
If you think that it is a good idea, I can try to implement this feature in several days or weeks and make pull request.
$ escobar -d http://proxy.evil.corp:3128 -vvv
{"level":"info","ts":1706514562.1366453,"msg":"Listening socket","address":"127.0.0.1:3128"}
{"level":"info","ts":1706514562.1369123,"msg":"Serving HTTP requests","address":"127.0.0.1:3128"}
{"level":"info","ts":1706514562.1369123,"msg":"Listening and serving HTTP requests","address":"127.0.0.1:3129"}
{"level":"debug","ts":1706514562.1409388,"msg":"Request started","http_proto":"HTTP/1.1","http_method":"CONNECT","user_agent":"Go-http-client/1.1","uri":"www.google.com:443"}
{"level":"debug","ts":1706514562.2087035,"msg":"CONNECT tunnel opened","http_proto":"HTTP/1.1","http_method":"CONNECT","user_agent":"Go-http-client/1.1","uri":"www.google.com:443"}
$ export | grep proxy
declare -x http_proxy="http://127.0.0.1:3128"
declare -x https_proxy="http://127.0.0.1:3128"
declare -x no_proxy=".evil.corp,localhost,127.0.0.1
$ pip install yt-dlp -vvv
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Using pip 20.3.4 from /usr/lib/python2.7/site-packages/pip (python 2.7)
Defaulting to user installation because normal site-packages is not writeable
Created temporary directory: /tmp/pip-ephem-wheel-cache-iq8ggh
Created temporary directory: /tmp/pip-req-tracker-fK4gKe
Initialized build tracking at /tmp/pip-req-tracker-fK4gKe
Created build tracker: /tmp/pip-req-tracker-fK4gKe
Entered build tracker: /tmp/pip-req-tracker-fK4gKe
Created temporary directory: /tmp/pip-install-1VeclH
1 location(s) to search for versions of yt-dlp:
* https://pypi.org/simple/yt-dlp/
Fetching project page and analyzing links: https://pypi.org/simple/yt-dlp/
Getting page https://pypi.org/simple/yt-dlp/
Found index url https://pypi.org/simple
Looking up "https://pypi.org/simple/yt-dlp/" in the cache
Request header has "max_age" as 0, cache bypassed
Starting new HTTPS connection (1): pypi.org:443
Incremented Retry for (url='/simple/yt-dlp/'): Retry(total=4, connect=None, read=None, redirect=None, status=None)
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 502 Bad Gateway',))': /simple/yt-dlp/
{"level":"debug","ts":1706514592.1841815,"msg":"Request started","http_proto":"HTTP/1.0","http_method":"CONNECT","user_agent":"","uri":"pypi.org:443"}
{"level":"error","ts":1706514592.1899867,"msg":"https: proxy error","http_proto":"HTTP/1.0","http_method":"CONNECT","user_agent":"","uri":"pypi.org:443","error":"cannot read response from proxy connection: malformed HTTP status code \"html\""}
Hi,
can I tell escobar to not die on errors reaching downstream proxy but retry? On my system there is a timeframe when escobar is already started but network flaps once or twice which often leads to escobar shutting down.
It is started from within wsl2 (and I do not use a service supervisor like systemd there that would be able to fix it by itsself). Yes, wsl is a pain..
Hello!
Having PAC support on upstream proxies would be super handy
We're using PAC to nail down local services, and it takes the load off the proxy server
It would be cool to see support for this
Any chance to support NTLM v2 authentication using https://github.com/Azure/go-ntlmssp
? This would make escobar a complete solution for most of corporate environments using authenticated proxies. cntlm
is not reliable enough and not really updated.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.