Archived Forum Post

Index of archived forum posts

Question:

NTLM Proxy connection issue

Oct 14 '14 at 07:49

I am trying to connect through a proxy server which requires NTLM authentication. I can access the site via the proxy when using a browser such as Firefox, but when I try connecting with the CkHttp python library, I encounter an error.

The error log (below) shows the Type1 message being sent, and server replying with the Type2 (challenge) message, but Chilkat is complaining that the Type2 message is not long enough. I un-encoded the base-64, and verified that the challenge starts with NTLMSSP, followed by some binary data.

I am using the latest version of Chilkat - 9.5.0.45 with Python 2.7 32-bit, running on Windows server 2008R2. I have tried a couple of earlier versions of Chilkat, with the same result. 

    proxyConnectNtlm:
                  t1_flags: 0x8b207
                  ConnectRequest: CONNECT xml.support.journeycheck.com:80 HTTP/1.1
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Host: xml.support.journeycheck.com
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIAAgACAAgAAAADAAMACgAAABGSVJTVFBMQ0ZHV0FDUE1URTAwMQ==
                  Sending CONNECT with NTLM Type1 message to proxy...
                  Receiving NTLM TYPE2 message from proxy...
                  NtlmChallenge: TlRMTVNTUAACAAAAAAAAAAAAAAABAgAAKY+OrN2vNDM=
                  genType3:
                    TYPE2 message is not long enough.
                    msgLen: 32
                    Failed to decode TYPE2 input message.
                  --genType3
                  Failed to generate NTLM Type 3 message.
                --proxyConnectNtlm

Answer

I fear the only way to understand the cause of the problem is to test directly with that proxy server. Is it publicly reachable? If so, I can test with an intentionally invalid password...

Answer

No, I'm afraid it is in a private network. I have a workaround using curl (a Windows version). The fact that curl works (I have to specify --proxy-ntlm), suggests that this is a limitation in the (otherwise very good) Chilkat lib. But since the trace above contains the base-64 encoded values of both the connect and the corresponding challenge, isn't that enough to analyse the problem?

Answer

Thanks. Try these new builds to see if it works now:

32-bit Download: http://www.chilkatsoft.com/download/preRelease/chilkat-9.5.0-python-2.7-win32.zip

64-bit Download: http://www.chilkatsoft.com/download/preRelease/chilkat-9.5.0-python-2.7-x64.zip