Basic Auth support for Chrome browser

[cypress-zh]

I started a proxy with command:
proxy.py --basic-auth username:password

I configured chrome proxy as below(Mac OSX):
type: Web Proxy(Http)
Host: my_host_server
Port: 8899(I use the default port)
Chekced Proxy Server Requires Password and fill in
Username: username
Passowrd: password

the snapshot as below:

I'm sure the firewall was disabled.

but still can NOT get traffic proxyed, the log of proxy server didnot show anything, just a Starting:

[root@myProxyServer ~]# /opt/rh/rh-python36/root/usr/bin/proxy.py --basic-auth username:password
2019-09-25 02:31:02,691 - INFO - run:633 - Starting server on port 8899

am I missed something? can somebody help me out of configuration? Thanks in advance:)

[abhinavsingh]

What version of Chrome are you using?

I am using Chrome Version 77.0.3865.90 Mac. I just tried setting my system proxy settings to same as yours. For me Chrome popped up a basic auth dialog box, which disappeared as I was typing in the username / password, followed by another pop-up to access the system keychain. Hitting refresh, presented the popup dialog again (in-spite of username / password details in system preferences), this time I was fast and Chrome worked fine after I was able to enter username / password in pop-up dialog box. Chrome basic auth support is certainly broken.

I also tried Firefox which has it's own proxy configuration dialog. Firefox worked without any issues, presented me a basic auth dialog (Firefox doesn't accept username / password in proxy config) and then the site.

I can guarantee that Basic authentication support certainly works :) You can also verify the same using Curl on command line:

$ curl -v -x username:password@localhost:8899 http://httpbin.org/get
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8899 (#0)
* Proxy auth using Basic with user 'username'
> GET http://httpbin.org/get HTTP/1.1
> Host: httpbin.org
> Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
> User-Agent: curl/7.54.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Content-Type: application/json
< Date: Wed, 25 Sep 2019 04:11:50 GMT
< Referrer-Policy: no-referrer-when-downgrade
< Server: nginx
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< Content-Length: 202
< Connection: keep-alive
< 
{
  "args": {}, 
  "headers": {
    "Accept": "*/*", 
    "Host": "httpbin.org", 
    "User-Agent": "curl/7.54.0"
  }, 
  "origin": "1.2.3.4, 5.6.7.8", 
  "url": "https://httpbin.org/get"
}
* Connection #0 to host localhost left intact

[cypress-zh]

I am using Chrome: Version 77.0.3865.90 (Official Build) (64-bit), I tried the curl command and it shows:

 ~ curl -v -x username:password@server_host:8899 http://httpbin.org/get
*   Trying server_host...
* TCP_NODELAY set
* Connection failed
* connect to server_host port 8899 failed: Connection refused
* Failed to connect to server_host port 8899: Connection refused
* Closing connection 0
curl: (7) Failed to connect to server_host port 8899: Connection refused

@abhinavsingh

[abhinavsingh]

Looks like you are accessing proxy.py remotely. Are you listening on all interfaces? e.g. --hostname 0.0.0.0 (IPv4) or --hostname :: (IPv6)

[abhinavsingh]

I am assuming passing right flags made it work for you. Closing this now, feel free to re-open if necessary.

[cypress-zh]

@abhinavsingh Thanks for ur response.
I tried ur suggestion, changed to listen to all interfaces, and it seems it was doing the connection, see log below, and a new problem ProxyAuthenticationFailed came, I'm sure that I have input the right username and password as what I set simplest in server side:

2019-09-26 01:54:10,980 - ERROR - _process_rlist:554 - 
Traceback (most recent call last):
  File "/opt/rh/rh-python36/root/usr/bin/proxy.py", line 552, in _process_rlist
    self._process_request(data)
  File "/opt/rh/rh-python36/root/usr/bin/proxy.py", line 471, in _process_request
    raise ProxyAuthenticationFailed()
ProxyAuthenticationFailed

[abhinavsingh]

Is this happening when calling using curl, can you paste your commands for reference here, both for proxy.py and curl. Thank you.

…

------------------------------------------------------ Abhinav Singh, https://abhinavsingh.com ------------------------------------------------------

On Wed, Sep 25, 2019 at 6:57 PM cypress-zh ***@***.***> wrote: @abhinavsingh <https:/abhinavsingh> Thanks for ur response. I tried ur suggestion, changed to listen to all interfaces, and it seems the it was doing the connection, see log below, and a new problem ProxyAuthenticationFailed came, I' sure that I have input the username and password as what I set in server side: 2019-09-26 01:54:10,980 - ERROR - _process_rlist:554 - Traceback (most recent call last): File "/opt/rh/rh-python36/root/usr/bin/proxy.py", line 552, in _process_rlist self._process_request(data) File "/opt/rh/rh-python36/root/usr/bin/proxy.py", line 471, in _process_request raise ProxyAuthenticationFailed() ProxyAuthenticationFailed — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#89?email_source=notifications&email_token=AAA6Y4KEWI3BQSEZQ4ZRUE3QLQJJNA5CNFSM4I2G6ZYKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7T7RZA#issuecomment-535296228>, or mute the thread <https:/notifications/unsubscribe-auth/AAA6Y4NLLMU3CLVAXF7LCKTQLQJJNANCNFSM4I2G6ZYA> .

[cypress-zh]

No, it's happening using chrome surfing internet, my server side commands is:

proxy.py --basic-auth my_username:123456 --hostname 0.0.0.0

and there's no command on client side(Chrome).

[abhinavsingh]

Can you verify the same first using curl? Pretty sure it should work. Then also do check for trailing whitespaces around your my_username and port in Chrome setting.

…

------------------------------------------------------ Abhinav Singh, https://abhinavsingh.com ------------------------------------------------------

On Wed, Sep 25, 2019 at 7:03 PM cypress-zh ***@***.***> wrote: No, it's happening using chrome surfing internet, my server side commands is: proxy.py --basic-auth my_username:123456 --hostname 0.0.0.0 and there's no command on client side(Chrome). — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#89?email_source=notifications&email_token=AAA6Y4PSPJ4DUXVWJYWTL4TQLQJ6ZA5CNFSM4I2G6ZYKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7T73NI#issuecomment-535297461>, or mute the thread <https:/notifications/unsubscribe-auth/AAA6Y4LSHNZENOIA5KC4MXTQLQJ6ZANCNFSM4I2G6ZYA> .

[cypress-zh]

I tried curl, and it works perfectly. 😝Chome browser still can NOT pass authentication. Thanks for ur help I'll recheck my configuration.:)

[vikranth094]

Issue is due to check for auth header length is not equal to 2 in /proxy/proxy.py/proxy/http/proxy/auth.py , chrome browser might have extra headers ,Please change the code in /proxy/proxy.py/proxy/http/proxy/auth.py as a fix,.
if len(parts) != 2 at line 34

After removal of this check, browser auth worked

[abhinavsingh]

@vikranth094 Thank you. Can you also share what exactly does browser end up sending? We can use the same as a test scenario too. You can anonymize any hashes etc. I am curious what exactly is being sent by browser.

[vikranth094]

I am not sure about browser, I was working with my android proxy client which had request format String.format(Locale.ENGLISH, "CONNECT %s:%d HTTP/1.0\r\nProxy-Connection: keep-alive\r\nProxy-Authorization: Basic %sUser-Agent: %s\r\nX-App-Install-ID: %s\r\n\r\n", m_DestAddress.getHostName(), m_DestAddress.getPort(), Constant.auth, ProxyConfig.Instance.getUserAgent(), ProxyConfig.AppInstallID);

[abhinavsingh]

Thank you for this piece of information. We'll address it and add necessary tests using your provided example. I'll try to also repro on an android device. Best.

[vikranth094]

Thanks Bro, Really cool project