ecovaci / winfoom
Winfoom is an HTTP(s) proxy server facade that allows applications to authenticate through the proxy without having to deal with the actual handshake.
License: Apache License 2.0
Feature request's description
I need to use both a PAC file and system credentials (for security reasons) simultaneously.
The solution
I would like the same "Use system credentials" feature from the HTTP proxy type for the PAC proxy type.
Thank you for this excellent piece of software. It is very helpful to authenticate my Java REST client to an IIS server requiring NTLM authentication.
Bug description
When putting multiple requests on the same HTTP connection my HTTP REST client ends up with an IOException. My HTTP REST client is using Apache HTTP Client as well, and using WinFoom as a Proxy Server to handle NTLM authentication to an IIS Web Server. Therefore I'm using the HTTP proxy mode:
{
"proxyType" : "HTTP",
"proxyHost" : "172.16.1.10",
"proxyPort" : 8020,
"proxyUsername" : "web-user",
"proxyPassword" : "*******",
"localPort" : 3129,
"proxyTestUrl" : "http://example.com",
"httpAuthProtocol" : "NTLM"
}
My HTTP REST client is also using a shared connection manager with a PoolingHttpClientConnectionManager. What I see is that the initial request from my REST client is working fine, but the subsequent request on the same connection fails with an IOException. When doing the second request I noticed that WinFoom has already closed the socket, without informing the requester (my REST client).
I.e. I'm doing an HTTP GET followed by an HTTP POST on the same connection. When running WinFoom in debug mode I clearly see that the socket is already closed after the first HTTP GET. I suspect that the socket is closed without informing my REST client, so therefore it assumes the HTTP connection is still open.
To Reproduce
Steps to reproduce the behaviour:
Log
08-04-2022 14:27:58.859 [pool-1-thread-2] DEBUG o.a.h.impl.execchain.MainClientExec.execute - Executing request GET http://iis-webserver.local.domain:8020/services/Exact.Entity.REST.EG/Resource?$top=1&$filter=ID%20eq%2012570&$select=ID HTTP/1.1
08-04-2022 14:27:58.859 [pool-1-thread-2] DEBUG o.a.h.impl.execchain.MainClientExec.execute - Target auth state: HANDSHAKE
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG o.a.h.impl.execchain.MainClientExec.execute - Proxy auth state: UNCHALLENGED
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> GET http://iis-webserver.local.domain:8020/services/Exact.Entity.REST.EG/Resource?$top=1&$filter=ID%20eq%2012570&$select=ID HTTP/1.1
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Accept: application/json
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> ServerName: sqldb.local.domain
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> DatabaseName: 123
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Cache-Control: no-store, no-cache
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Content-Type: application/json; charset=utf-8
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Host: iis-webserver.local.domain:8020
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Proxy-Connection: Keep-Alive
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> User-Agent: Apache-HttpClient/4.4.1 (Java/1.8.0_292)
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Accept-Encoding: gzip,deflate
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Via: 1.1 winfoom
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Authorization: NTLM **********************
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "GET http://iis-webserver.local.domain:8020/services/Exact.Entity.REST.EG/Resource?$top=1&$filter=ID%20eq%2012570&$select=ID HTTP/1.1[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Accept: application/json[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "ServerName: sqldb.local.domain[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "DatabaseName: 123[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Cache-Control: no-store, no-cache[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Content-Type: application/json; charset=utf-8[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Host: iis-webserver.local.domain:8020[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Proxy-Connection: Keep-Alive[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "User-Agent: Apache-HttpClient/4.4.1 (Java/1.8.0_292)[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Accept-Encoding: gzip,deflate[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Via: 1.1 winfoom[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Authorization: NTLM **********************=[\r][\n]"
08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "HTTP/1.1 200 OK[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Cache-Control: no-cache[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Content-Length: 20[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Content-Type: application/json;odata=verbose;charset=utf-8[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Server: Microsoft-HTTPAPI/2.0[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "X-Content-Type-Options: nosniff[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "DataServiceVersion: 2.0;[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Date: Fri, 08 Apr 2022 12:27:58 GMT[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "[\r][\n]"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "{"d":{"results":[]}}"
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << HTTP/1.1 200 OK
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Cache-Control: no-cache
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Content-Length: 20
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Content-Type: application/json;odata=verbose;charset=utf-8
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Server: Microsoft-HTTPAPI/2.0
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << X-Content-Type-Options: nosniff
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << DataServiceVersion: 2.0;
08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Date: Fri, 08 Apr 2022 12:27:58 GMT
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.h.impl.execchain.MainClientExec.execute - Connection can be kept alive indefinitely
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.http.impl.auth.HttpAuthenticator.isAuthenticationRequested - Authentication succeeded
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write status line: HTTP/1.1 200 OK
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Cache-Control: no-cache
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Content-Length: 20
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Content-Type: application/json;odata=verbose;charset=utf-8
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Server: Microsoft-HTTPAPI/2.0
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: X-Content-Type-Options: nosniff
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: DataServiceVersion: 2.0;
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Date: Fri, 08 Apr 2022 12:27:58 GMT
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Start writing entity content
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager.releaseConnection - Connection [id: 24][route: {}->http://172.16.1.10:8020->http://iis-webserver.local.domain:8020][state: web-user] can be kept alive indefinitely
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.h.i.c.DefaultManagedHttpClientConnection.setSocketTimeout - http-outgoing-24: set socket timeout to 0
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager.releaseConnection - Connection released: [id: 24][route: {}->http://172.16.1.10:8020->http://iis-webserver.local.domain:8020][state: web-user][total available: 2; route allocated: 2 of 20; total allocated: 2 of 600]
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - End writing entity content
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.proxy.ClientConnectionHandler.handleConnection - Done handling request: GET http://iis-webserver.local.domain:8020/services/Exact.Entity.REST.EG/Resource?$top=1&$filter=ID%20eq%2012570&$select=ID HTTP/1.1
08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG org.kpax.winfoom.util.InputOutputs.close - Close socket
08-04-2022 14:28:26.411 [scheduling-1] DEBUG o.k.w.proxy.ConnectionPoolingManager.cleanUpConnectionManager - Execute connection manager pool clean up task
Notice that no logging is being done for the HTTP POST as the socket is closed, without informing the client.
Context information:
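An added example (not part of the original issue and not Winfoom code) that applies the check described in this report to a debug log: it flags every "Close socket" that follows a response whose written headers never announced `Connection: close`. The function names are hypothetical; the thread-2 lines are copied from the log above and the thread-3 lines are constructed.

```python
import re
from dataclasses import dataclass, field

# Matches: "<date> <time> [thread] LEVEL logger - message"
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) \[(?P<thread>[^\]]+)\] \w+\s+(?P<logger>\S+) - (?P<msg>.*)$"
)
STATUS = "Write status line: "
HEADER = "Write response header: "


@dataclass
class Response:
    status: str
    headers: dict = field(default_factory=dict)


def announces_close(resp):
    """True if the response told the client the connection would be closed."""
    for name in ("connection", "proxy-connection"):
        tokens = [t.strip().lower() for t in resp.headers.get(name, "").split(",")]
        if "close" in tokens:
            return True
    return False


def find_silent_closes(lines):
    """Return (timestamp, thread, status) for each unannounced socket close."""
    pending = {}   # thread name -> response currently being written
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        if msg.startswith(STATUS):
            pending[thread] = Response(msg[len(STATUS):])
        elif msg.startswith(HEADER) and thread in pending:
            name, _, value = msg[len(HEADER):].partition(":")
            pending[thread].headers[name.strip().lower()] = value.strip()
        elif msg == "Close socket" and thread in pending:
            resp = pending.pop(thread)
            if not announces_close(resp):
                findings.append((m["ts"], thread, resp.status))
    return findings


PREFIX = "DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - "
CLOSE = "DEBUG org.kpax.winfoom.util.InputOutputs.close - Close socket"
SAMPLE_LOG = [
    "08-04-2022 14:27:59.393 [pool-1-thread-2] " + PREFIX + "Write status line: HTTP/1.1 200 OK",
    "08-04-2022 14:27:59.393 [pool-1-thread-2] " + PREFIX + "Write response header: Content-Length: 20",
    "08-04-2022 14:27:59.393 [pool-1-thread-2] " + CLOSE,
    # Constructed lines: a response that does announce the close.
    "08-04-2022 14:28:01.100 [pool-1-thread-3] " + PREFIX + "Write status line: HTTP/1.1 200 OK",
    "08-04-2022 14:28:01.100 [pool-1-thread-3] " + PREFIX + "Write response header: Connection: close",
    "08-04-2022 14:28:01.101 [pool-1-thread-3] " + CLOSE,
]

if __name__ == "__main__":
    for ts, thread, status in find_silent_closes(SAMPLE_LOG):
        print(f"{ts} [{thread}] socket closed after '{status}' without Connection: close")
```

The check is a heuristic over log messages only; it does not tell which side of the proxy the closed socket belongs to.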
Hi,
I wanted to test winfoom but recognized, that the prepackaged release 4.0.1 contains log4j 2.14.1. Is there any chance to upgrade this library easily and release a new version?
Greetings,
Peter
On my Windows 11 machine, in the log there are these 2 lines every second:
26-07-2023 09:55:28.145 [pool-7-thread-42] WARN o.a.http.impl.auth.HttpAuthenticator.generateAuthResponse - NEGOTIATE authentication error: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)
26-07-2023 09:55:28.145 [pool-7-thread-42] WARN o.a.http.impl.auth.HttpAuthenticator.generateAuthResponse - NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials
Starting FoomApplication v4.0.3 using Java 17.0.2
The following 1 profile is active: "gui"
processPropertySource - Properties location [file:./config/system.properties] not resolvable: .\config\system.properties (Impossibile trovare il file specificato)
26-07-2023 10:00:30.241 [main] INFO org.kpax.winfoom.config.ProxyConfig.init - Check config directory
26-07-2023 10:00:30.241 [main] INFO org.kpax.winfoom.config.ProxyConfig.init - Check temp directory
26-07-2023 10:00:30.241 [main] INFO org.kpax.winfoom.config.ProxyConfig.init - Using temp directory .\out\temp
26-07-2023 10:00:30.241 [main] INFO org.kpax.winfoom.config.SystemConfig.init - System settings: SystemConfig(maxConnectionsPerRoute=20, maxConnections=600, internalBufferLength=102400, connectionManagerCleanInterval=60, connectionManagerIdleTimeout=100, serverSocketBacklog=1000, socketSoTimeout=65, socketConnectTimeout=20, connectionRequestTimeout=30, preferIPv6Addresses=false, cacheGlobPatternCapacity=100, cacheCredentialsProviderCapacity=100, pacScriptEnginePoolMaxTotal=100, pacScriptEnginePoolMinIdle=20, apiServerRequestTimeout=10, kerberosLoginMinInterval=30, apiDisableShutdown=false, apiReadOnly=false)
Start local proxy server with userConfig ProxyConfig(appVersion=4.0.3, apiPort=9999, apiToken=YWRtaW46d2luZm9vbQ==, proxyType=HTTP, localPort=3128, proxyHttpHost=www.myrealhttp.proxy, proxySocks5Host=, proxySocks4Host=, proxyHttpPort=80, proxySocks5Port=0, proxySocks4Port=0, proxyTestUrl=https://www.google.com, proxySocks5Username=null, proxySocks5Password=null, proxyHttpUsername=mydomain\myuser, proxyHttpPassword=mypassword, useCurrentCredentials=false, proxyPacFileLocation=null, blacklistTimeout=30, proxyPacUsername=null, proxyPacPassword=null, pacHttpAuthProtocol=null, autostart=false, autodetect=false, httpAuthProtocol=BASIC, tempDirectory=.\out\temp)
If I switch on basic authentication or NTLM it works well, but always with the warnings specified at the top of this message.
Bug description
When using WinFoom on Linux I am using a JSON file for my settings. When I use "encode(....)" within that JSON file it is not being interpreted. The literal "encode(....)" ends up as the effective password, instead of the base64 decoded value within the "encode()" tag.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I would expect that the System init would decode the provided value, just like with using a properties file
Bug description
Hi, I just found this project and wanted to try it out. Sadly I was not able to connect to the internet.
I get this error message if I use the Test button:
Validation failed with status code 500 reason: Proxy Auto Config javascript file: content not acceptable
We use a PAC file.
With PX Proxy everything works fine out of the box, no config necessary.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Success message.
Log
I can't attach the log because it contains the full pac file and I don't think I'm allowed to share that.
Context information:
Additional context
none
Bug description
The latest Winfoom release contains dependencies that make Winfoom probably vulnerable against Log4Shell/CVE-2021-44228.
As you can see in the Logback news, Logback provided a security fix along version 1.2.9, but Winfoom uses version 1.2.5.
Log4j-API 2.14.1 is also vulnerable against Log4Shell, see Apache Log4j Security Vulnerabilities for more details. I recommend using Log4j-API 2.17.2.
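An added example (not from the issue or the Winfoom project) for the dependency concern raised here and in the earlier report about release 4.0.1: it scans a release archive, including nested jars, for Logback and Log4j jars below the versions named in the issue, and separately reports whether `JndiLookup.class` (which ships in log4j-core) is actually packaged. The Maven artifact names, the function names and the sample archive are assumptions and constructed data.

```python
import io
import re
import zipfile

# Minimum versions from the issue text: Logback 1.2.9, Log4j 2.17.2.
# The artifact names are the usual Maven ones and are an assumption here.
MINIMUM = {
    "logback-classic": (1, 2, 9), "logback-core": (1, 2, 9),
    "log4j-api": (2, 17, 2), "log4j-core": (2, 17, 2),
}
# Class used by the Log4Shell lookup; it ships in log4j-core, not log4j-api.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JAR_NAME = re.compile(
    r"(?P<artifact>[A-Za-z0-9_.-]+?)-(?P<version>\d+(?:\.\d+)*)[^/]*\.jar"
)


def check_name(entry, label, findings):
    """Flag a jar whose file name carries a version below the minimum."""
    m = JAR_NAME.fullmatch(entry.rsplit("/", 1)[-1])
    if m and m["artifact"] in MINIMUM:
        version = tuple(int(p) for p in m["version"].split("."))
        if version < MINIMUM[m["artifact"]]:
            findings.append((label, f"{m['artifact']} {m['version']} is below the minimum"))


def scan_archive(data, label="release", findings=None):
    """Recursively scan a zip/jar given as bytes, including nested jars."""
    findings = [] if findings is None else findings
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive after all; nothing to inspect
    with archive:
        for entry in archive.namelist():
            if entry == JNDI_LOOKUP:
                findings.append((label, "packages JndiLookup.class"))
            elif entry.endswith(".jar"):
                nested = f"{label}!/{entry}"
                check_name(entry, nested, findings)
                scan_archive(archive.read(entry), nested, findings)
    return findings


def make_jar(entries):
    """Build a zip in memory from {name: bytes}; used only for the sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, content in entries.items():
            jar.writestr(name, content)
    return buf.getvalue()


# Constructed sample using the versions named in the issue, not the real release.
SAMPLE = make_jar({
    "lib/logback-classic-1.2.5.jar": make_jar({"META-INF/MANIFEST.MF": b""}),
    "lib/log4j-api-2.14.1.jar": make_jar({"META-INF/MANIFEST.MF": b""}),
    "lib/commons-io-2.11.0.jar": make_jar({"META-INF/MANIFEST.MF": b""}),
})

if __name__ == "__main__":
    for where, what in scan_archive(SAMPLE):
        print(f"{where}: {what}")
```

File-name matching misses shaded or renamed jars, so the class-presence check is the more reliable of the two signals.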
Feature request's description
We are in a situation where we constantly switch between being connected to a corporate VPN and not being connected to it.
Our Windows proxy setting is always set to automatic detection.
While we are connected to the corporate VPN, Windows manages to identify that it should use the PAC file and configures the proxy based upon it.
However, when we leave the VPN, Windows sees that there is no longer a PAC available and uses a DIRECT connection.
This setup seems to be not supported by winfoom directly right now. I can obviously change between PAC and DIRECT manually whenever I connect / disconnect the VPN, but that's not a good workflow.
The solution
Winfoom simply uses the proxy which Windows would also use.
Alternatives
Not sure how easily the Windows proxy can be checked. An alternative could be to simply check the existence of the wpad file in regular timeframes (ideally every few seconds) and if it's not there, simply fall back to DIRECT.
Does this request make sense? Should it be supported already and I'm doing something wrong?
WinFoom (or the Java runtime?) crashed during a Cisco VPN disconnect. The corporate proxy was accessed over this VPN.
For details, see hs_err_pid30652.log
When javaw is not in the path, but JAVA_HOME is set to a path with whitespaces (e.g. c:\Program Files\OpenJDK\jdk-19.0.2), launch.bat and others fail launching winfoom.
This is because neither testing if exist %JAVA_HOME%\bin\javaw.exe nor start /B %%JAVA_EXE% work correctly with whitespaces.
It could be fixed by redefining JAVA_HOME with
for %%I in ("%JAVA_HOME%") do set JAVA_HOME=%%~sI
I will create a PR.