Configure “Delegate” as a Forward Proxy

Delegate is a very simple and nice proxy which can be configured into many different kind of proxies depending on the use-case you are trying to implement. Best of all, it is open source i.e. free and works across various operating systems including our most hated Microsoft Windows platforms. But before I start to write out on the solution, I will write a bit about the problem I was trying to solve.

As you probably know from this article, my company has implemented a simple but stupid form of authentication i.e. HTTP Basic Authentication, for accessing the internet from behind company servers. The problem with that are manifolds when considering security like transmissions of username:password combination using only a Base64 encoding in request headers, etc. But the biggest problem as a legit user is the browsers popping up an “Enter your username and password” dialog everytime a new browser instance is opened. And all other programs which do not support HTTP Basic authentication or which only supported connection with a proxy did not work. The good part was that browsers were able to save the username password combination and all you had to do was press “ENTER” when such a box showed up. Of course when I changed my login password, it was a real mess.

Also my ubuntu running in Virtual Box was not able to access the internet. A simple solution in ubuntu was to explicitly set the http_proxy environment variable to http://username:password@proxy-server-address:port/ the problem with that being that your password should not have an “@” symbol. As you probably have guessed, I use secure passwords and do have a lot of weird characters in my password including “@” symbols. So that trick does not work for me. Hence I modified the cntlm proxy to support HTTP Basic authentication. This of course did not work with Windows since I have to re-compile and use the totally messy cygwin libraries. Besides taking a lot of space on my windows system, it also creates problems with my mingw installation. Anyways, so I lived in Windows with the stupid pop-ups but my Linux VM was working great.

 

All was well when our IT department suddenly thought that they would still use the HTTP Basic authentication but instead of asking that as a HTTP AUTH request in the http request header, they will simply ask it through a web interface (Smart eh! :P). Now instead of getting a browser based popup, I used to get an ASP page which asked for my username and after clicking submit, it took me to another ASP page which asked for password. After entering both of them, I was allowed to browse. I guess they have a cookie stored in my browser and the authentication or proxy server is now adding my HTTP AUTH credentials based on the cookie stored. Well, I don’t know why people implement systems which are pain in the ass. I haven’t checked out but I am pretty sure that the cookie stores my credentials without any encryption (whoops!) or for a better sake I maybe wrong.

In any case, I was so tired of doing this just for 3 days, that I decided to see if I can install a local proxy and bypass the stupid authentication process. I positively did not want to use Apache for it since it is huge, messy and too complex for such a task. So I thought of using either nginx or Delegate. nginx started out pretty fine but since I cannot deactivate caching, I was not able to put in the proper configuration. So I switched over to Delegate and voila, no more pain in the ass entering username password stuff on two different ASP pages every morning/with every browser. I also do not need to change any settings in any programs when I change my password, etc. It took me a bit of time to do this since there is virtually no information on how to setup Delegate as a forwarding proxy, I thought maybe I can share my experiences with you.

 

So enough of bla-bla, lets get on with the (not) dirty work. First of all, download the latest Delegate server from the site. I use version 9.9.7, so if things don’t work out for you, try with this version. Extract the zip file to your root folder inside Delegate directory. Goto the bin directory and create a new batch file. Write the following in there:

dg9_9_7.exe -Plocalhost:80/udp SERVER=http ADMIN=naresh@localhost PROXY=proxyServer:proxyPort MYAUTH=username:password REMITTABLE="http,https/443,gopher,ftp,wais,udp,tcp" CACHE=no

Save the batch file to whatever you want in the same directory. Now all you need to do my friend is double click the bat file. It will create a service in Windows and set it up to start automatically at system boot. Just keep pressing “ENTER” to all the questions this bat file asks. If you are using Windows Vista or later, right click on the batch file and run it as an administrator.

Now go to your browser/system settings and make your settings point to localhost in the server address and port 80. Voila, no more annoying pages where you have to enter your username and password day-in and day-out again.

If this method works for you, like this post. Leave your comment if it doesn’t. Also if someone is feeling like it, can you please re-compile my modifications to cntlm for Windows?

 

Piss out till I see you again…