login about faq

I am trying to connect through a proxy server which requires NTLM authentication. I can access the site via the proxy when using a browser such as Firefox, but when I try connecting with the CkHttp python library, I encounter an error.

The error log (below) shows the Type1 message being sent, and server replying with the Type2 (challenge) message, but Chilkat is complaining that the Type2 message is not long enough. I un-encoded the base-64, and verified that the challenge starts with NTLMSSP, followed by some binary data.

I am using the latest version of Chilkat - 9.5.0.45 with Python 2.7 32-bit, running on Windows server 2008R2. I have tried a couple of earlier versions of Chilkat, with the same result.

    proxyConnectNtlm:
                  t1_flags: 0x8b207
                  ConnectRequest: CONNECT xml.support.journeycheck.com:80 HTTP/1.1
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Host: xml.support.journeycheck.com
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIAAgACAAgAAAADAAMACgAAABGSVJTVFBMQ0ZHV0FDUE1URTAwMQ==
                  Sending CONNECT with NTLM Type1 message to proxy...
                  Receiving NTLM TYPE2 message from proxy...
                  NtlmChallenge: TlRMTVNTUAACAAAAAAAAAAAAAAABAgAAKY+OrN2vNDM=
                  genType3:
                    TYPE2 message is not long enough.
                    msgLen: 32
                    Failed to decode TYPE2 input message.
                  --genType3
                  Failed to generate NTLM Type 3 message.
                --proxyConnectNtlm

asked Oct 09 '14 at 09:18

tch's gravatar image

tch
112

edited Oct 13 '14 at 06:41


I fear the only way to understand the cause of the problem is to test directly with that proxy server. Is it publicly reachable? If so, I can test with an intentionally invalid password...

link

answered Oct 10 '14 at 11:50

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

No, I'm afraid it is in a private network. I have a workaround using curl (a Windows version). The fact that curl works (I have to specify --proxy-ntlm), suggests that this is a limitation in the (otherwise very good) Chilkat lib. But since the trace above contains the base-64 encoded values of both the connect and the corresponding challenge, isn't that enough to analyse the problem?

link

answered Oct 13 '14 at 06:35

tch's gravatar image

tch
112

edited Oct 13 '14 at 06:46

link

answered Oct 13 '14 at 09:35

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

Many thanks for your quick response. This version decodes the challenge and sends a response, but I then get a "403 Forbidden" response. I think I'm sending all of the credentials correctly, but I'll run a few tests to see if I can infer what's going on.

(Oct 14 '14 at 07:49) tch
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×24
×9
×1

Asked: Oct 09 '14 at 09:18

Seen: 1,229 times

Last updated: Oct 14 '14 at 07:49

powered by OSQA