Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix HTTP proxy authentication to support both preemptive and challenge-response auth #134

Merged
merged 1 commit into from
Sep 3, 2024
Merged

Fix HTTP proxy authentication to support both preemptive and challenge-response auth #134

merged 1 commit into from
Sep 3, 2024

Conversation

lhpalacio
Copy link
Contributor

The current HTTP proxy authentication implementation works with clients that use preemptive authentication (like curl) but fails with clients expecting a challenge-response flow (such as Puppeteer and web browsers).

Solution:

  1. Immediately returning a 407 Proxy Authentication Required status when no auth header is present.
  2. Adding a Proxy-Authenticate header to 407 responses, prompting clients to provide credentials.

Testing with Puppeteer:

Should fail before the change and pass after the fix

const puppeteer = require('puppeteer');

(async () => {
  const browser = await puppeteer.launch({
    args: [`--proxy-server=http://0.0.0.0:25345`],
  });

  const page = await browser.newPage();
  await page.authenticate({
    username: 'username',
    password: 'password',
  });

  await page.goto('https://httpbin.org/ip');
  const body = await page.waitForSelector('body');
  const ip = await body.getProperty('textContent');
  console.log(await ip.jsonValue());

  await browser.close();
})();

@pufferffish pufferffish merged commit 4a564b5 into pufferffish:master Sep 3, 2024
9 of 10 checks passed
artem-russkikh added a commit to artem-russkikh/wireproxy-awg that referenced this pull request Sep 14, 2024
@artem-russkikh @tazz4843 @lhpalacio
Sync fork (#3)
fe2920a 
* Update README (pufferffish#137)

* Fix broken sandboxing resulting in SIGABRT (pufferffish#136)

* Fix HTTP proxy authentication to support both preemptive and challenge-response auth (pufferffish#134)

* Bump version

---------

Co-authored-by: Niko <niko@niko.lgbt>
Co-authored-by: Luiz Henrique Gomes Palácio <lhpalacio@outlook.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lhpalacio @pufferffish