Intro

This program is trying to be a solution for people stuck behind a firewall or a (possibly MS) proxy with highly restricted ways to reach the internet.

On one side, it is a client which can connect to a MS Proxy server and authenticate itself using NTLM authentication and do anything allowed by it, and on the other side it is a HTTP proxy server to which other programs can connect to access the internet (without authentication), and also a DNS proxy to use as your name server. For programs not supporting the HTTP protocol you can use dante's socksify.

The program is able to use a master proxy on the way out or connect to the requested sites directly, and it can do NTLM authentication (MS ISA Server, MS Proxy). You can set up rules for the HTTP proxy to specify how the requested action should be carried out (connect directly or connect through an other proxy). You can also set up rules for the tcp connections to be made. It can build connections using the usual connect syscall, going through the proxy with the CONNECT method, or call external programs (like ssh) to open the connection. For the name server, you can associate hostname patterns with name servers to ask them about.

Changes

0.5

• Added a simple anonymous-only (and passive mode only) FTP proxy module which understands Unix-like, DOS/Windows and VMS directory listings (hopefully). It can't upload files and it does no text file translations of any kind, but apparently it does enough to be able to download things.

0.4

• Reworked HTTP header handling to pass correctly all the cookies sent by strange sites like hotmail.com, allowing you to log in there again. Apparently some sites send the same cookies several times in the same header with different values...

0.3

• Generic subprocess support in the config file
• Generic proxy support
• Stream multiplexer on the external machine for faster connections
• Much more robust DNS handling - fixed message compression, better error management
• More robust HTTP handling - e.g. now closes connection after GET
• SMTP sender for use with your favorite MTA (like postfix)
• New and improved bugs

Features

• BSD style license so you're free to use and modify it as long as you adhere to its terms
• Support for MS's NTLM authentication scheme
• Configurable connection routing so you can tell your programs to go through it all the time and it will select the best way automatically
• DNS proxying and caching
• Bugs
• Incompleteness

Todo

• HTTP/1.1 persistent connections
• Implement SOCKS4/SOCKS5 server
• Implement SOCKS4/SOCKS5 client (to be used in the tcp connection router)
• UDP routing (through the SOCKS interface)
• TCP listening support (through the SOCKS interface) using netcat
• Implement SSH protocol to avoid using external ssh program (?)