gontlm-proxy
🔧 NTLM Proxy Forwarder in Golang.
Overview
This project was inspired by CNTLM & PX. Operating behind a corporate proxy can make using tooling difficult. It can also force you into putting your credentials into ENV variables, definitely not good! The goal here is to leverage the Windows SSPI subsystem to authenticate to your proxy automatically.
Usage
When GoNTLM-Proxy first starts, it will create a self-signed certificate, unique to your system. It is created in your home folder at ~/.gontlm-ca.pem
and ~/.gontlm-ca.key
respectively. If you want to avoid validation errors, you can add the certificate to your systems trust store.
It reads the configured proxy from the Windows Registry, or can be set via the GONTLM_PROXY
environment variable.
By default, GoNTLM-Proxy listens locally on port 3128, however this can be set via the GONTLM_BIND
environment variable.
Service
If you run this as a service, it will run as NT AUTHORITY/SYSTEM. If you wish to run it as another user, you can edit the service after installation.
Please note that when running the service as SYSTEM
, dynamically-generated CA certificate and key will be located in the SYSTEM
user's home folder at C:\WINDOWS\system32\config\systemprofile\.gontlm-ca.pem
. You can always replace these with your own if you already have cert/key.
Install
Release binaries are available under the GitHub Releases page. Alternatively, you can do this the Go way.
$ go get github.com/bdwyertech/gontlm-proxy
Development
$ go run .\cmd\gontlm-proxy\
License
MIT