Opened 14 years ago

Last modified 7 years ago

#113 closed enhancement (Implemented)

support for user authetication on HttpProxy and HttpsProxy

Reported by: adrians Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version: 0.1.0.1-rc
Severity: Keywords:
Cc: adrians, arma Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Dear TOR-team!

I am stranded behind a firewall which requires user authentication for HTTP, HTTPS, ...
I tried to get a connection to the onion network starting with 0.0.9.5 and it did not work because of the missing httpSproxy option which became available later in the CVS tree. Therefore I tried to compile the latest from CVS but had some problems. So I was very pleased to see the new compiled versions arriving the days before.

Nevertheless an option to specify a user and the required password for a HttpProxy is still missing. The question is: am I missing something or is it "missing in the code"? Will there be a solution or suggestion?

Thank you very much and keep on developing!
Adrian

[Automatically added by flyspray2trac: Operating System: Windows 2k/XP]

Child Tickets

Change History (10)

comment:1 Changed 14 years ago by arma

It's missing in the code. Can you explain to me exactly how you do the user authentication in each case?

Some proxies do IP-based auth, so we handle those now. But if you need to "log in" first, we don't handle
that. How is that actually done?

comment:2 Changed 14 years ago by adrians

Sorry, at the m,oment this far more than I know.

It does work with a username and a password and it works on different computers in the network at the same time.
The system works well with privoxy, JAP and CVSgrab which I used to get the source. So, maybe this gives you a hint.

I will further look into this question, but first of all I have to grab the http traffic - any suggestions?

comment:3 Changed 14 years ago by visitor

HTTP Authentication is described here: http://www.ietf.org/rfc/rfc2617.txt

The basic authentication is easy. You just need a Proxy-Authorization header in the CONNECT request.

"Proxy-Authorization: Basic %s\r\n", base64_encode("user:pass")

comment:4 Changed 14 years ago by adrians

It looks like, the last comment is exactly what I found out using the LiveHTTPheader extension for Firefox:


...
Keep-Alive: 300
Proxy-Connection: keep-alive
Proxy-Authorization: Basic ghnntll..ND...ttnM=

HTTP/1.x 200 OK
...

Hopefully, this feature/addition will find its way to the next releases. This would reduce the number of "proxies" in my chain of proxies by one. Thanks a lot.

comment:5 Changed 14 years ago by nickm

Re-opening this task as requested. What's wrong?

comment:6 Changed 14 years ago by adrians

It seems like the usage of the HttpsProxyAuthenticator does not happen in all situations. Usually the connection through the proxy is transparent as the HTTP 1.1 header addition is properly added.

But, initially after the start of TOR it seems to try to fetch a new directory listing for an outdated one without respecting the HttpsProxyAuthenticator:


May 18 09:14:10.658 [notice] tor_init(): Tor v0.1.0.5-rc. This is experimental s
oftware. Do not rely on it for strong anonymity.
May 18 09:14:10.767 [notice] options_act(): Initialized libevent version 1.0e us
ing method win32
May 18 09:14:12.448 [warn] connection_dir_client_reached_eof(): Received http st
atus code 401 ("Authentication required") from server '83.243.0.42'. Failing.
May 18 09:14:50.728 [notice] circuit_get_open_circ_or_launch(): Application requ
est when we're believed to be offline. Optimistically trying again.
May 18 09:14:50.759 [warn] connection_dir_client_reached_eof(): Received http st
atus code 401 ("Authentication required") from server '18.244.0.114'. Failing.
May 18 09:14:54.557 [notice] circuit_get_open_circ_or_launch(): Application requ
est when we're believed to be offline. Optimistically trying again.
May 18 09:14:54.588 [warn] connection_dir_client_reached_eof(): Received http st
atus code 401 ("Authentication required") from server '213.115.96.138'. Failing.


comment:7 Changed 14 years ago by arma

Ok, I just added an HttpProxyAuthenticator config option, like the HttpsProxyAuthenticator option. It will
be in 0.1.0.8-rc, whenever that comes out. Let me know if it does what you want. :)

comment:8 Changed 14 years ago by adrians

Thanks a lot!

May 24 09:52:57.525 [notice] Tor v0.1.0.8-rc. This is experimental software. Do not rely on it for strong anonymity.

May 24 09:52:57.588 [notice] Initialized libevent version 1.1 using method win32

May 24 09:53:00.135 [notice] Tor has successfully opened a circuit. Looks like it's working.

After deleting the cached dirserver listing the new TOR version smoothly fetched a listing via the HTTPproxy using the Basic HTTP-Authentication. Now Basic HTTP-Authentication for both HTTP and HTTPS works fine for me.

Well done! Thanks you for your fast and reliable response. Please, excuse the "crying" in my previous comment as I did not expect multiple hyphens as formatting triggers.

Adrian

comment:9 Changed 14 years ago by arma

flyspray2trac: bug closed.
Looks like the second piece is done. Closing again. :)

comment:10 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.