How to use wget with proxy and ntlm on windows

wget for Windows does not work with proxy authentication that uses NTLM or NTLMv2 encrypted passwords. There is a solution to get it working!

Download cntlm

Download cntlm from http://cntlm.sourceforge.net/ and extract it. You should get the following files:

cntlm.exe
cntlm.ini
cntlm_manual.pdf
cygrunsrv.exe
cygwin1.dll
README.txt
setup.bat
uninstall.bat

At this point we DO NOT INSTALL IT. We just try it out. You can install it later if you like.

Download wget for Windows

Download a version of wget for Windows that has proxy support, e.g. wget.exe. Copy wget.exe and any additionally needed files into the folder where you extracted cntlm. You should now have the following files in one folder:

cntlm.exe
cntlm.ini
cntlm_manual.pdf
cygrunsrv.exe
cygwin1.dll
README.txt
setup.bat
uninstall.bat
wget.exe
<optional additional files>

Configure cntlm

PRE-setup cntlm.ini

Create a text file cntlm.ini. Open cntlm.ini with your favorite text editor and change ONLY the following values (or more) to your needs:

Username      yourusername
Domain        your.domain.tld
Proxy         192.168.178.22:8080              # Enter the proxy name you want to authenticate against

We need this file to determine what is the strongest hash the target proxy supports. When you have the file ready, execute the following command and enter your proxy password when prompted.

>cntlm.exe -c .\cntlm.ini -v -u yourusername -d your.domain.tld -I -M http://www.microsoft.com
cntlm: Proxy listening on 127.0.0.1:3128
cntlm: Resolving proxy 192.168.178.22...
cntlm: Workstation name used: workstation01
Password: <Enter your password here>
cntlm: Using proxy 192.168.178.22:8080
Config profile  1/11... OK (HTTP code: 200)
----------------------------[ Profile  0 ]------
Auth            NTLMv2
PassNTLMv2      1452C2EB3157149277F82ABCD16329DB
------------------------------------------------
cntlm: Terminating with 0 active threads

Now we know that the strongest hash the target proxy supports is NTLMv2. Therefore we will use NTLMv2 later in our configuration! You can use any other working URL instead of www.microsoft.com.

setup cntlm.ini

Now open cntlm.ini again with your favourite text editor and change the following values (or more) to your needs:

#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#
Username	yourusername
Domain	your.domain.tld
#Password	plaintext                           # leave disabled: use the PassNTLMv2 from above. Use hashes instead (-H)

#----------------------------[ Profile  0 ]------ # copy this from the previous output
Auth          NTLMv2                              # copy this from the previous output
PassNTLMv2    1452C2EB3157149277F82ABCD16329DB    # copy this from the previous output
#------------------------------------------------ # copy this from the previous output

Proxy		192.168.178.22:8080                 # Enter the proxy name you want to authenticate against
#Workstation  netbios_hostname                    # Should be auto-guessed

#
# This is the port number where Cntlm will listen
#
Listen		3128

Instead of a plaintext Password, enter the PassNTLMv2 hash you created previously. For Proxy, enter the proxy server and port that you need to reach the internet and against which cntlm should use the credentials. Optionally you can change the listening port (3128).
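An added check (not from the original page or the cntlm project) that parses a cntlm.ini like the one above and flags settings that undo this setup: a plaintext Password, an Auth weaker than NTLMv2, and a listener reachable from other hosts, which would let them use your proxy credentials. The function names and the sample file are constructed, and treating '#' as the start of a comment follows the page's listing.

```python
# Constructed sample: the page's cntlm.ini with two risky lines added for the demo.
SAMPLE_INI = """\
Username      yourusername
Domain        your.domain.tld
Password      hunter2              # constructed: plaintext password left enabled
Auth          NTLMv2
PassNTLMv2    1452C2EB3157149277F82ABCD16329DB
Proxy         192.168.178.22:8080
Listen        0.0.0.0:3128         # constructed: bound to all interfaces
"""

LOOPBACK = {"127.0.0.1", "localhost"}

def parse_cntlm_ini(text):
    """Return (key, value) pairs. Assumption: '#' starts a comment, as in the page's listing."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)  # key, then whitespace (spaces or tabs), then value
            pairs.append((parts[0].lower(), parts[1] if len(parts) == 2 else ""))
    return pairs

def audit(text):
    """Return findings for settings that weaken the loopback-only, hash-based setup."""
    pairs = parse_cntlm_ini(text)
    conf = dict(pairs)
    findings = []
    if "password" in conf:
        findings.append("Password: plaintext password stored; use the PassNTLMv2 hash instead")
    auth = conf.get("auth")
    if auth is not None and auth.lower() != "ntlmv2":
        findings.append(f"Auth: {auth} is weaker than NTLMv2")
    if conf.get("gateway", "no").lower() == "yes":
        findings.append("Gateway: yes makes cntlm listen on all network interfaces")
    for key, value in pairs:
        # A bare port (e.g. 3128) stays on loopback, as the page's output shows.
        if key == "listen" and ":" in value and value.rsplit(":", 1)[0] not in LOOPBACK:
            findings.append(f"Listen: {value} is reachable from other hosts")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

The PassNTLMv2 value is enough to authenticate as that user against the proxy, so restrict read access to cntlm.ini to your own account as well.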

Start cntlm

Now start cntlm with:

>cntlm.exe -v -f -c .\cntlm.ini
cntlm: PID 640: Cntlm ready, staying in the foreground

The -v (verbose) option is not needed, but it is good for testing. cntlm is now running and waiting for connections on port 3128.

use wget with cntlm

Open a command prompt and enter the following command:

SET http_proxy=http://127.0.0.1:3128/

This makes sure that wget uses our local cntlm proxy on port 3128. You can also use a wget configuration file for this.

Now let's open a webpage with wget, using cntlm as the proxy:

>wget --proxy=on http://www.pcfreak.de
--18:54:16--  http://www.pcfreak.de:80/
           => `index.html'
Connecting to 127.0.0.1:3128... connected!
Proxy request sent, awaiting response... 200 OK
Length: 5,403 [text/html]

    0K -> .....                                                  [100%]

18:54:17 (5.28 KB/s) - `index.html' saved [5403/5403]

Greetings

This guide has been written for Ludwig H. working at W. And by the way

1452C2EB3157149277F82ABCD16329DB

is not my password hash. :)

public/windows/wgetproxy.txt · Last modified: 2015/08/11 08:20 (external edit)
CC Attribution-Share Alike 3.0 Unported