00 Proxy Server - ArchWiki
Proxy server
According to Wikipedia: Related articles
Contents
HTTPS MITM proxies
Environment variables
Keep proxy through sudo
Automation with network managers
About libproxy
Web proxy options
Simple Proxy with SSH
Using a SOCKS proxy
curl and pacman
Proxy settings on GNOME3
Microsoft NTLM proxy
Configuration
Usage
▪ mitmproxy — Command-line and web interface, written in Python, also has API.
1 of 7 12/1/21, 09:32
Proxy server - ArchWiki https://wiki.archlinux.org/title/Proxy_server#HTTPS_MITM_...
▪ sslsplit — Works with any TLS connections but cannot act as a HTTP proxy in a browser, written
in C.
Warning: mitmproxy creates the private key to be readable by all users.[1]
(https://github.com/mitmproxy/mitmproxy/pull/3356)
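One way to audit for the condition in the warning above, as an added example that is not part of the original page: the first function lists files that contain a PEM private key and are readable by group or others, the second removes that access. The function names are made up here, and the default directory ~/.mitmproxy is an assumption about where mitmproxy keeps its CA files.

```sh
#!/bin/sh
# Added example (not from the original page).
# Assumption: mitmproxy keeps its CA files in ~/.mitmproxy; pass another
# directory as the first argument if yours differs.

# List files under the directory that hold a PEM private key and have the
# group-read (040) or other-read (004) permission bit set.
exposed_private_keys() {
    dir=${1:-"$HOME/.mitmproxy"}
    [ -d "$dir" ] || return 0
    find "$dir" -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -l -e 'PRIVATE KEY-----' {} + 2>/dev/null | sort
}

# Remove all group/other access from every file the check reports.
tighten_private_keys() {
    exposed_private_keys "$1" | while IFS= read -r f; do
        chmod go-rwx "$f"
    done
}

# Report on the default location (or the directory given on the command line).
exposed_private_keys "$@"
```

An empty result means no private key under the directory is readable beyond its owner.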
Environment variables
Some programs, such as wget and (used by pacman) curl, use environment variables of the form
protocol_proxy to determine the proxy for a given protocol (e.g. HTTP, FTP, ...).
export http_proxy=http://10.203.0.1:5187/
export https_proxy=$http_proxy
export ftp_proxy=$http_proxy
export rsync_proxy=$http_proxy
export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
Some programs look for the all caps version of the environment variables.
To make the proxy environment variables available to all users and all applications, add the export
commands above to a script, say proxy.sh, inside /etc/profile.d/ .
The script then has to be made executable. This method is helpful when using a desktop
environment like Xfce, which does not provide an option for proxy configuration. For example,
the Chromium browser will make use of the variables set using this method while running Xfce.
Alternatively, you can automate the toggling of the variables by adding a function to your .bashrc
(thanks to Alan Pope for the original script idea):
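function proxy_on() {
  export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
  # Assumption: the proxy URL is passed as the first argument
  # (the original body of this function is cut off in this copy).
  if (( $# > 0 )); then
    export http_proxy="$1" https_proxy="$1" ftp_proxy="$1" rsync_proxy="$1" \
           HTTP_PROXY="$1" HTTPS_PROXY="$1" FTP_PROXY="$1" RSYNC_PROXY="$1"
    echo "Proxy environment variable set."
  fi
}

function proxy_off(){
  # Remove both the lower-case and the all-caps variants
  unset http_proxy https_proxy ftp_proxy rsync_proxy \
        HTTP_PROXY HTTPS_PROXY FTP_PROXY RSYNC_PROXY
  echo -e "Proxy environment variable removed."
}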
As an alternative, you may want to use the following script. Change the strings YourUserName ,
ProxyServerAddress:Port , LocalAddress and LocalDomain to match your own data,
then edit your ~/.bashrc to include the edited functions. Any new bash window will have the new
functions. In existing bash windows, type source ~/.bashrc . You may prefer to put function
definitions in a separate file like functions then add source functions to .bashrc instead
of putting everything in .bashrc . You may also want to change the name "myProxy" into something
short and easy to write.
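#!/bin/bash
assignProxy(){
  PROXY_ENV="http_proxy ftp_proxy https_proxy all_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY"
  # Point every proxy variable at the URL given as the first argument
  for envar in $PROXY_ENV
  do
    export "$envar=$1"
  done
  # The list is unquoted so that no_proxy and NO_PROXY are each assigned the second argument
  for envar in no_proxy NO_PROXY
  do
    export "$envar=$2"
  done
}
clrProxy(){
  PROXY_ENV="http_proxy ftp_proxy https_proxy all_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY"
  for envar in $PROXY_ENV
  do
    unset "$envar"
  done
}
myProxy(){
  # Keep the password out of the interactive shell's own variables
  local user pass proxy_value no_proxy_value
  user=YourUserName
  # -s suppresses echo, -r keeps backslashes in the password intact
  read -r -p "Password: " -s pass && echo
  proxy_value="http://$user:$pass@ProxyServerAddress:Port"
  no_proxy_value="localhost,127.0.0.1,LocalAddress,LocalDomain.com"
  assignProxy "$proxy_value" "$no_proxy_value"
}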
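myProxy places the proxy password in eight exported variables, so every child process inherits it and any env dump pasted into a log or bug report carries it. The function below is an added example, not part of the original page; it reads NAME=value lines and prints only the proxy variables that embed a password, with the password masked. The function name and the sample hosts in the comment are made up here.

```sh
#!/bin/sh
# Added example (not from the original page).
# Read NAME=value lines (the format printed by `env`) on stdin and print each
# proxy variable whose URL embeds a password, with that password masked.
# Typical use:  env | proxy_vars_with_credentials
# Constructed sample line: http_proxy=http://alice:s3cret@proxy.example:3128
proxy_vars_with_credentials() {
    awk '
    {
        eq = index($0, "=")
        if (eq == 0) next
        name  = substr($0, 1, eq - 1)
        value = substr($0, eq + 1)
        lname = tolower(name)
        # Only the *_proxy variables that carry a URL; no_proxy is a host list.
        if (lname !~ /_proxy$/ || lname == "no_proxy") next
        # userinfo runs from "://" to the last "@" before the first "/".
        if (match(value, "://[^/]*@") == 0) next
        scheme   = substr(value, 1, RSTART + 2)
        userinfo = substr(value, RSTART + 3, RLENGTH - 4)
        rest     = substr(value, RSTART + RLENGTH)
        colon = index(userinfo, ":")
        # A user name without a password is not reported.
        if (colon == 0) next
        user = substr(userinfo, 1, colon - 1)
        printf "%s=%s%s:***@%s\n", name, scheme, user, rest
    }'
}
```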
If the proxy environment variables are set for the user only they will get lost when running
commands with sudo (or when programs use sudo internally).
A way to prevent that is to add the following line to a sudo configuration file:
/etc/sudoers.d/05_proxy
About libproxy
libproxy (https://libproxy.github.io/libproxy/) (which is available in the extra repository) is
an abstraction library which should be used by all applications that want to access a network resource.
It still is in development but could lead to a unified and automated handling of proxies in GNU/Linux
if widely adopted.
The role of libproxy is to read the proxy settings from different sources and make them available to
applications which use the library. The interesting part with libproxy is that it offers an
implementation of the Web Proxy Autodiscovery Protocol and an implementation of Proxy
Auto-Config that goes with it.
The /usr/bin/proxy binary takes URL(s) as argument(s) and returns the proxy/proxies that
could be used to fetch this/these network resource(s).
As of 06/04/2009 libproxy is required by libsoup. It is then indirectly used by the midori
(https://archlinux.org/packages/?name=midori) browser.
For PORT, choose some number which is not an IANA registered port. This specifies that traffic on
the local PORT will be forwarded to the remote HOST. ssh will act as a SOCKS server. Software
supporting SOCKS proxy servers can simply be configured to connect to PORT on localhost.
▪ the application you want to use handles SOCKS5 proxies (for example Firefox), then you just
have to configure it to use the proxy.
▪ the application you want to use does not handle SOCKS proxies, then you can try to use tsocks
(https://archlinux.org/packages/?name=tsocks) or proxychains-ng
(https://archlinux.org/packages/?name=proxychains-ng).
In Firefox, you can use the SOCKS proxy in the menu Preferences > Network > Settings. Choose
Manual Proxy Configuration, and set the SOCKS Host (and only this one, make sure the other fields,
such as HTTP Proxy or SSL Proxy are left empty). For example, if a SOCKS5 proxy is running on
localhost port 8080, put 127.0.0.1 in the SOCKS Host field, 8080 in the Port field, and validate.
$ proxychains program
Where program can be any program already installed on your system (e.g. xterm, gnome-terminal,
etc).
If using tsocks, the configuration takes place in /etc/tsocks.conf . See tsocks.conf(5)
(https://man.archlinux.org/man/tsocks.conf.5) for the options. An example minimum
configuration looks like this:
/etc/tsocks.conf
server = 127.0.0.1
server_port = 8080
server_type = 5
default_user = ""
default_pass = ""
You may set the all_proxy environment variable to let curl and pacman (which uses curl) use your
socks5 proxy:
$ export all_proxy="socks5://your.proxy:1080"
This configuration can also be set to automatically execute when NetworkManager connects to
specific networks, by using the proxydriver (https://aur.archlinux.org/packages/proxydriver/)
AUR package.
Configuration
Change settings in /etc/cntlm.conf as needed, except for the password. Then run:
$ cntlm -H
This will generate encrypted password hashes according to your proxy hostname, username and
password.
Edit /etc/cntlm.conf again and include all three generated hashes, then enable
cntlm.service .
$ cntlm -v
Usage
Content is available under GNU Free Documentation License 1.3 or later unless otherwise noted.