tags:

views:

1169

answers:

3
+1  Q: 

Python urllib2 HTTPS and proxy NTLM authentication

Hello,

urllib2 doesn't seem to support HTTPS with proxy authentication in general, even less with NTLM authentication. Anyone knows if there is a patch somewhere for HTTPS on proxy with NTLM authentication.

Regards,

Laurent

A: 

http://code.google.com/p/python-ntlm/

I never tried with HTTPS but I think it should work.

EDIT: If you are using SSL Tunneling, proxy authentication is a bad idea.

Proxy using Basic Auth over HTTPS is not secure when the SSL is tunneled. Your password will be sent in clear (Base64-encoded) to proxy. Lots of people assumes the password will be encrypted inside SSL. It's not true in this case.

It's almost impossible to support other encrypted or hashed mechanisms like Digest/NTLM because they all require negotiation (multiple exchanges) and that's not defined in CONNECT protocol. This negotiation happens out of the band of the HTTP connection. It's very hard to implement in proxy/browser also.

If this is an enterprise proxy, IP ACL is the only secure solution.

ZZ Coder  2009-09-26 15:49:47
HTTPS doesn't work with proxy using authentication in urllib2 because it seems that the CONNECT request doesn't pass the credentials. I was hoping someone had a patch for HTTPS with proxy using NTLM.
Laurent Luce  2009-09-26 16:11:23
You are talking about HTTPS tunneling (proxy CONNECT). That's impossible to pass credentials. Proxy only gets destination host/port and everything else is encrypted. The only security you can impose on a tunnel is IP-based ACL.
ZZ Coder  2009-09-26 18:10:47
In case of proxy with authentication (basic authentication for example), you need to pass the credentials in the connect command:"Proxy-Authorization: username/password hashed"It is a tunnel but you still need to authenticate with the proxy.
Laurent Luce  2009-09-26 19:02:02
See my edits ............
ZZ Coder  2009-09-26 19:56:47
A: 

Good recipe (for HTTPS w/proxy) and discussion here, it should be possible to meld that with the python-nltm code @ZZ has already suggested.

Alex Martelli  2009-09-26 17:42:37
That recipe works well in case of proxy with no authentication. It doesn't work in case of basic, digest or NTLM authentication. We have it working fro basic authentication but we are looking for some help in case of NTLM authentication.
Laurent Luce  2009-09-26 19:03:54
+2  A: 

Late reply. Urllib2 does not support NTLM proxying but pycurl does. Excerpt:

self._connection = pycurl.Curl()
self._connection = httplib.HTTPSConnection(YOUR_URL)
self._connection.setopt(pycurl.PROXY, PROXY_HOST)
self._connection.setopt(pycurl.PROXYPORT, PROXY_PORT)
self._connection.setopt(pycurl.PROXYUSERPWD,
                        "%s:%s" % (PROXY_USER, PROXY_PASS))
...
lemonad  2009-11-24 21:56:57

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python