Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

curl cannot connect to https sites via microproxy with digest auth #8

Open
ilyaevseev opened this issue Feb 11, 2023 · 0 comments
Open

curl cannot connect to https sites via microproxy with digest auth #8

ilyaevseev opened this issue Feb 11, 2023 · 0 comments

Comments

@ilyaevseev
Copy link

Problem:

  • curl cannot connect via microproxy with digest auth to https sites
  • there is no such problem with Chrome and Firefox

Versions:

  • microproxy = latest
  • curl = 7.87.0

microproxy.toml:

auth_file="userlist"
auth_type="digest"
auth_realm="Realm1"

curl command:

curl-amd64 -v -k \
--proxy-digest \
--proxy-user user1:pass1 \
--proxy http://localhost:3128 \
--url "$1"

Result:

Curl output for HTTP:

*   Trying 127.0.0.1:3128...
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* Proxy auth using Digest with user 'user1'
> GET http://showip.net/ HTTP/1.1
> Host: showip.net
> User-Agent: curl/7.87.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: Digest realm="Realm1", qop=auth, nonce="75daff532309ca6ed3878b643e18c670"
< Date: Sat, 11 Feb 2023 02:39:54 GMT
< Content-Length: 33
< Content-Type: text/plain; charset=utf-8
< 
* Ignoring the response-body
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'http://showip.net/'
* Found bundle for host: 0x7fe830e4b3a0 [serially]
* Can not multiplex, even if we wanted to
* Re-using existing connection #0 with proxy 127.0.0.1
* Proxy auth using Digest with user 'user1'
> GET http://showip.net/ HTTP/1.1
> Host: showip.net
> Proxy-Authorization: Digest username="user1", realm="Realm1", nonce="75daff532309ca6ed3878b643e18c670", uri="/", cnonce="Y2IyNjZiN2UxYWEwNzY4ZTVjODk5ZTk0MWE3MzhhM2E=", nc=00000001, qop=auth, response="1928bae9f44befd1ea30a9001bba77d6"
> User-Agent: curl/7.87.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Headers: *
< Access-Control-Allow-Methods: *
< Access-Control-Allow-Origin: *
< Content-Length: 12
< Content-Type: text/plain
< Date: Sat, 11 Feb 2023 02:39:54 GMT
< Server: Caddy
< 
* Connection #0 to host 127.0.0.1 left intact
1.2.3.4

Microproxy output for HTTP:

2023/02/11 02:39:54 [095] INFO: Got request / showip.net GET http://showip.net/
2023/02/11 02:39:54 [095] INFO: Copying response to client  [407]
2023/02/11 02:39:54 [095] INFO: Copied 33 bytes to client error=<nil>
2023-02-11T02:39:54Z 127.0.0.1:52848 GET http://showip.net/ 407 33 -
2023/02/11 02:39:54 [096] INFO: Got request / showip.net GET http://showip.net/
2023/02/11 02:39:54 [096] INFO: Sending request GET http://showip.net/
2023/02/11 02:39:54 [096] INFO: Received response 200 OK
2023/02/11 02:39:54 [096] INFO: Copying response to client 200 OK [200]
2023-02-11T02:39:54Z 127.0.0.1:52848 GET http://showip.net/ 200 12 user1
2023/02/11 02:39:54 [096] INFO: Copied 12 bytes to client error=<nil>

Curl output for HTTPS:

*   Trying 127.0.0.1:3128...
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* allocate connect buffer
* Establish HTTP proxy tunnel to showip.net:443
* Proxy auth using Digest with user 'user1'
> CONNECT showip.net:443 HTTP/1.1
> Host: showip.net:443
> User-Agent: curl/7.87.0
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 407 Proxy Authentication Required
< Content-Length: 33
< Proxy-Authenticate: Digest realm="Proxy1", qop=auth, nonce="3d8de1d3bad9e5ac8359fe246cc5ff52"
< 
* Ignore 33 bytes of response-body
* Establish HTTP proxy tunnel to showip.net:443
* Proxy auth using Digest with user 'user1'
> CONNECT showip.net:443 HTTP/1.1
> Host: showip.net:443
> Proxy-Authorization: Digest username="user1", realm="Proxy1", nonce="3d8de1d3bad9e5ac8359fe246cc5ff52", uri="showip.net:443", cnonce="MTdhMmNmMGUxMzI4NjQ1NzZhMGQxNjA5ZTA4OWJmYTg=", nc=00000001, qop=auth, response="92b8666de7146c866d21039e931f22cd"
> User-Agent: curl/7.87.0
> Proxy-Connection: Keep-Alive
> 
* Proxy CONNECT aborted
* Closing connection 0
curl: (56) Proxy CONNECT aborted

Microproxy output for HTTPS:

2023/02/11 02:37:09 [094] INFO: Running 2 CONNECT handlers
2023/02/11 02:37:09 [094] INFO: on 1th handler: &{1 <nil> 0x68d9a0} showip.net:443

Possible reason:

  • Dumping of r.Header in ServeHTTP (vendor/github.com/elazarl/goproxy/proxy.go) shows "User-Agent=curl/7.87.0" and "Proxy-Connection=Keep-Alive" from first CONNECT request only.
  • It seems that second CONNECT request from Curl is not passed to ServeHTTP at all.

Is it bug in Curl or in Microproxy?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ilyaevseev