Proxy Tunneling
My school that I am currently attending uses a proxy. Because of that proxy you cannot use internet based game without a program to tunnel through the proxy. I used to use a windows based computer at the school so I used the program Sockscap to tunnel through but they do not make a version for apple computers. Does anyone know of a program that can work as the same function? I've tried looking everywhere but have had no success.
OS X has this Proxies tab under Network in System
Preferences, does
that not work? It includes a SOCKS Proxy.
Yeah this isn't what he's asking for. That proxy
setting allows you to connect to the local proxy
server, which in this case is blocking the type of
network traffic he's trying to use (proxy servers are
generally used to control outbound network traffic,
to restrict access to certain content such as
Internet radio, newsgroups, etc).
So what type of proxy server are you connecting to?
If this is an ssh proxy (which it should be,
otherwise running an open proxy is a really
bad idea), then you can simply open up a terminal
window and type something like this:
ssh -D port_num [email protected]
Then in the network control panel, create a new
location (you could name it "Proxy Bypass" or
something) and change your proxy settings for that
location to use "localhost:port_num" -- port_num
being some unused port, i.e. 8001. Creating the
additional network location will allow you to use
these settings with your game, and switch back to
your school's proxy server for Internet access.
The ssh tunnel will re-route all outbound Internet
traffic through to your remote proxy server, which
will then relay it out to the Internet, effectively
bypassing your school's proxy server (assuming they
allow ssh traffic to pass through it).
1.42/80/1g Mini - 1.83MBP/2g/100g
7200rpm Mac OS X (10.4.7) Former Newton
OMP user.
That sounds like a good idea but how do i know which proxy settings i need. You recommended a port but what is the server?
Similar Messages
-
Just recently I started encountering a "waiting for proxy tunnel" error in Chrome and Safari when trying to surf the web while having to use a network proxy. It seems this is some kind of malware but I cannot find how to delete it. Any help?
It means the proxy isn't working.
-
SSL Proxy Tunneling - Extremely poor performance on Windows 98
Does anyone know of a solution regarding poor connection speeds when proxy tunneling on windows 98?
Currently initial connections are taking up to 40 seconds!! Which is unacceptable. The same code run on the same network, but under windows 2000 cuts this down dramatically.
I know there are some issues regarding secureRandom, and some people have mentioned performing their own seeding process. However I don't want to go down this road, as it could potentially reduce security.
Any help would be appreciated.In case anyone is having this same issue:
It appears that SunJVM1.4.1 has a fix in place for this problem, and I can confirm that this has resolved the issue. Not sure why it has not been implemented into the latest JSSE download, and it certainly should be documented somewhere as this would have saved valuable time.
As my current application needs to be run under 1.3.1, I am forced to use 2 versions of the JVM!!! -
Is is possible to create a HTTPS tunnel in a reverse proxy senerio??
I have created a proxy entry that passes a request from an external user to an internal server using HTTPS and everything works great, expect for when the server asks for the EXTERNAL users personnel SSL keys the proxy is returning the PROXY CERTS not the external user CERTS.
Server configuration:
- Created secure HTTPS port 443 and applied SERVER CERTS.
- Created a virtual MULTIHOSTING entry https://service.external.com --> https://10.10.10.10
I am able to connect to the servers and all appears fine. the only issues is that when the server ask for the client CERTS the PROXY is passing it's CERTs instead of the EXTERNAL client CERTS.
I have tried with versions 4.0.11 & 4.0.21
Thank youmcu wrote:
> I use reverse proxy for authentication to an Intranet from the Internet
> when users are home. This has been in place for many years. There are
> always a few who have some difficulty in authenticating. Most
> authenticate OK. Others get the message "you are already logged in" and
> cannot access the Intranet.
>
> Using BM 3.9 sp1. Using a high port - 1444.
>
> Any ideas what could cause this? Could it be the ISP of some?
yes, isp has a transparent proxy and it is causing the issue.
Gonzalo -
Here is example code for HTTPS Tunneling through proxy(400 Lines of code
Here is the source for Https Tunneling that I have gotten working. It is based on Pua Yeow Cheong's JavaWorld Tip 111. Thanks to David Lord for providing the final breakthrough that I needed.
I have posted it here for anyone who wishes to use it. If you find any bugs, or write any improvements, please tack them onto the end of this thread.
I have been trying to tackle this problem for quite some time, so I hope this helps a few of you out there.
Lots of Luck,
nightmask.
<----- Begin Copy and Paste -------->
import java.net.*;
import java.io.*;
import java.security.*;
import sun.misc.BASE64Encoder;
import javax.net.*;
import javax.net.ssl.*;
* This example is based on JavaWorld Tip 111. Thanks to Pua Yeow Cheong for writing it.
* It tunnels through a proxy using the Https protocol.
* Thanks go to David Lord in the java forums for figuring out the main problem with Tip 111
* PLEASE NOTE: You need to have the JSSE 1.0.2 jars installed for this to work
* Downloads contents of a URL, using Proxy Tunneling and Basic Authentication
public class URLReader {
* The main program for the URLReader class
public static void main(String[] args) throws Exception {
//set up strings for use in app. Change these to your own settings
String proxyPassword = "password";
String proxyUsername = "username";
String proxyHost = "myproxy.com";
String proxyPort = "3128";
String connectionURL = "https://www.verisign.com";
//set up system properties to indicate we are using a proxy
System.setProperty("https.proxyHost", proxyHost);
System.setProperty("https.proxyPort", proxyPort);
System.setProperty("proxyHost", proxyHost);
System.setProperty("proxyPort", proxyPort);
System.setProperty("proxySet", "true");
System.setProperty("http.proxyHost", proxyHost);
System.setProperty("http.proxyPort", proxyPort);
System.setProperty("http.proxySet", "true");
//set up handler for jsse
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
java.security.Provider prov = new com.sun.net.ssl.internal.ssl.Provider();
Security.addProvider(prov);
//create the connection
URL myURL = new URL(connectionURL);
URLConnection myConnection = myURL.openConnection();
if (myConnection instanceof com.sun.net.ssl.HttpsURLConnection) {
((com.sun.net.ssl.HttpsURLConnection) myConnection).setSSLSocketFactory(new SSLTunnelSocketFactory(System.getProperty("proxyHost"), System.getProperty("proxyPort")));
myConnection.setDoInput(true);
myConnection.setDoOutput(true);
BufferedReader in;
try {
System.err.println("opening Input stream1");
in = new BufferedReader(
new InputStreamReader(
myConnection.getInputStream()));
String inputLine;
System.err.println("Input stream is Open1");
while ((inputLine = in.readLine()) != null) {
System.err.println(inputLine);
in.close();
System.err.println("Input stream is Closed1");
} catch (Exception e) {
e.printStackTrace(System.err);
String tmp = e.getMessage().toLowerCase().trim();
System.err.println("tmp *" + tmp + "*");
if (tmp.indexOf("http") > -1) {
//http error message to be parsed
tmp = tmp.substring(tmp.indexOf("http")).trim();
System.err.println("tmp *" + tmp + "*");
tmp = tmp.substring(8).trim();
System.err.println("tmp *" + tmp + "*");
if (tmp.startsWith("407")) {
//proxy authentication required
myURL = new URL(connectionURL);
myConnection = myURL.openConnection();
if (myConnection instanceof com.sun.net.ssl.HttpsURLConnection) {
((com.sun.net.ssl.HttpsURLConnection) myConnection).setSSLSocketFactory(new SSLTunnelSocketFactory(System.getProperty("proxyHost"), System.getProperty("proxyPort"), proxyUsername, proxyPassword));
myConnection.setDoInput(true);
myConnection.setDoOutput(true);
try {
System.err.println("opening Input stream 2");
in = new BufferedReader(
new InputStreamReader(
myConnection.getInputStream()));
String inputLine;
System.err.println("Input stream is Open 2");
while ((inputLine = in.readLine()) != null) {
System.out.println(inputLine);
in.close();
System.err.println("Input stream is closed 2");
} catch (Exception ex) {
System.err.println(ex.getMessage());
ex.printStackTrace(System.err);
* SSLSocket used to tunnel through a proxy
class SSLTunnelSocketFactory extends SSLSocketFactory {
private String tunnelHost;
private int tunnelPort;
private SSLSocketFactory dfactory;
private String tunnelPassword;
private String tunnelUserName;
private boolean socketConnected = false;
private int falsecount = 0;
* Constructor for the SSLTunnelSocketFactory object
*@param proxyHost The url of the proxy host
*@param proxyPort the port of the proxy
public SSLTunnelSocketFactory(String proxyHost, String proxyPort) {
System.err.println("creating Socket Factory");
tunnelHost = proxyHost;
tunnelPort = Integer.parseInt(proxyPort);
dfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
* Constructor for the SSLTunnelSocketFactory object
*@param proxyHost The url of the proxy host
*@param proxyPort the port of the proxy
*@param proxyUserName username for authenticating with the proxy
*@param proxyPassword password for authenticating with the proxy
public SSLTunnelSocketFactory(String proxyHost, String proxyPort, String proxyUserName, String proxyPassword) {
System.err.println("creating Socket Factory with password/username");
tunnelHost = proxyHost;
tunnelPort = Integer.parseInt(proxyPort);
tunnelUserName = proxyUserName;
tunnelPassword = proxyPassword;
dfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
* Sets the proxyUserName attribute of the SSLTunnelSocketFactory object
*@param proxyUserName The new proxyUserName value
public void setProxyUserName(String proxyUserName) {
tunnelUserName = proxyUserName;
* Sets the proxyPassword attribute of the SSLTunnelSocketFactory object
*@param proxyPassword The new proxyPassword value
public void setProxyPassword(String proxyPassword) {
tunnelPassword = proxyPassword;
* Gets the supportedCipherSuites attribute of the SSLTunnelSocketFactory
* object
*@return The supportedCipherSuites value
public String[] getSupportedCipherSuites() {
return dfactory.getSupportedCipherSuites();
* Gets the defaultCipherSuites attribute of the SSLTunnelSocketFactory
* object
*@return The defaultCipherSuites value
public String[] getDefaultCipherSuites() {
return dfactory.getDefaultCipherSuites();
* Gets the socketConnected attribute of the SSLTunnelSocketFactory object
*@return The socketConnected value
public synchronized boolean getSocketConnected() {
return socketConnected;
* Creates a new SSL Tunneled Socket
*@param s Ignored
*@param host destination host
*@param port destination port
*@param autoClose wether to close the socket automaticly
*@return proxy tunneled socket
*@exception IOException raised by an IO error
*@exception UnknownHostException raised when the host is unknown
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException, UnknownHostException {
Socket tunnel = new Socket(tunnelHost, tunnelPort);
doTunnelHandshake(tunnel, host, port);
SSLSocket result = (SSLSocket) dfactory.createSocket(tunnel, host, port, autoClose);
result.addHandshakeCompletedListener(
new HandshakeCompletedListener() {
public void handshakeCompleted(HandshakeCompletedEvent event) {
System.out.println("Handshake Finished!");
System.out.println("\t CipherSuite :" + event.getCipherSuite());
System.out.println("\t SessionId: " + event.getSession());
System.out.println("\t PeerHost: " + event.getSession().getPeerHost());
setSocketConnected(true);
// thanks to David Lord in the java forums for figuring out this line is the problem
// result.startHandshake(); //this line is the bug which stops Tip111 from working correctly
return result;
* Creates a new SSL Tunneled Socket
*@param host destination host
*@param port destination port
*@return tunneled SSL Socket
*@exception IOException raised by IO error
*@exception UnknownHostException raised when the host is unknown
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException {
return createSocket(null, host, port, true);
* Creates a new SSL Tunneled Socket
*@param host Destination Host
*@param port Destination Port
*@param clientHost Ignored
*@param clientPort Ignored
*@return SSL Tunneled Socket
*@exception IOException Raised when IO error occurs
*@exception UnknownHostException Raised when the destination host is
* unknown
public Socket createSocket(String host, int port, InetAddress clientHost,
int clientPort)
throws IOException, UnknownHostException {
return createSocket(null, host, port, true);
* Creates a new SSL Tunneled Socket
*@param host destination host
*@param port destination port
*@return tunneled SSL Socket
*@exception IOException raised when IO error occurs
public Socket createSocket(InetAddress host, int port)
throws IOException {
return createSocket(null, host.getHostName(), port, true);
* Creates a new SSL Tunneled Socket
*@param address destination host
*@param port destination port
*@param clientAddress ignored
*@param clientPort ignored
*@return tunneled SSL Socket
*@exception IOException raised when IO exception occurs
public Socket createSocket(InetAddress address, int port,
InetAddress clientAddress, int clientPort)
throws IOException {
return createSocket(null, address.getHostName(), port, true);
* Sets the socketConnected attribute of the SSLTunnelSocketFactory object
*@param b The new socketConnected value
private synchronized void setSocketConnected(boolean b) {
socketConnected = b;
* Description of the Method
*@param tunnel tunnel socket
*@param host destination host
*@param port destination port
*@exception IOException raised when an IO error occurs
private void doTunnelHandshake(Socket tunnel, String host, int port) throws IOException {
OutputStream out = tunnel.getOutputStream();
//generate connection string
String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
+ "User-Agent: "
+ sun.net.www.protocol.http.HttpURLConnection.userAgent;
if (tunnelUserName != null && tunnelPassword != null) {
//add basic authentication header for the proxy
sun.misc.BASE64Encoder enc = new sun.misc.BASE64Encoder();
String encodedPassword = enc.encode((tunnelUserName + ":" + tunnelPassword).getBytes());
msg = msg + "\nProxy-Authorization: Basic " + encodedPassword;
msg = msg + "\nContent-Length: 0";
msg = msg + "\nPragma: no-cache";
msg = msg + "\r\n\r\n";
System.err.println(msg);
byte b[];
try {
//we really do want ASCII7 as the http protocol doesnt change with locale
b = msg.getBytes("ASCII7");
} catch (UnsupportedEncodingException ignored) {
//If ASCII7 isn't there, something is seriously wrong!
b = msg.getBytes();
out.write(b);
out.flush();
byte reply[] = new byte[200];
int replyLen = 0;
int newlinesSeen = 0;
boolean headerDone = false;
InputStream in = tunnel.getInputStream();
boolean error = false;
while (newlinesSeen < 2) {
int i = in.read();
if (i < 0) {
throw new IOException("Unexpected EOF from Proxy");
if (i == '\n') {
headerDone = true;
++newlinesSeen;
} else
if (i != '\r') {
newlinesSeen = 0;
if (!headerDone && replyLen < reply.length) {
reply[replyLen++] = (byte) i;
//convert byte array to string
String replyStr;
try {
replyStr = new String(reply, 0, replyLen, "ASCII7");
} catch (UnsupportedEncodingException ignored) {
replyStr = new String(reply, 0, replyLen);
//we check for connection established because our proxy returns http/1.1 instead of 1.0
if (replyStr.toLowerCase().indexOf("200 connection established") == -1) {
System.err.println(replyStr);
throw new IOException("Unable to tunnel through " + tunnelHost + ":" + tunnelPort + ". Proxy returns\"" + replyStr + "\"");
//tunneling hanshake was successful
}<----- End Copy and Paste -------->BTW, if you are using an implementation in which
the http/https implementation recognises
the java.net.Authenticator properly, you can use
that framework to do basic/digest authentication.
I think Sun's JDK 1.4 supports both basic
and digest for both proxies and the actual end
site you connect via http/https, but I haven't
tested it to be sure. I know it works
with http/basic at the end host.
Today's Ob hack:
import java.net.*;
import java.io.*;
class MyAuth extends Authenticator {
protected PasswordAuthentication getPasswordAuthentication() {
System.out.println("The realm '" + getRequestingPrompt() +
"' at '" + getRequestingHost() + ":" + getRequestingPort() +
"'\n" + "using " + getRequestingProtocol() + " is requesting " +
getRequestingScheme().toUpperCase() + " authentication.");
System.out.println("");
System.out.println("What should we send them? Let's send them ...");
System.out.println("");
return new PasswordAuthentication("username", "password".toCharArray()); }
public class MyURL {
public static void main(String[] args) throws Exception {
// set to the authenticator you want to use.
Authenticator.setDefault(new myAuth());
URL url =
new URL("http://www.some.com/something_protected/index.htm");
BufferedReader in = new BufferedReader(
new InputStreamReader(
url.openStream()));
String inputLine;
while ((inputLine = in.readLine()) != null) {
System.out.println(inputLine);
in.close(); -
Hi,
I have tried the following:
on PC1 (win xp) I have created ssh connection with port forwarding
(local 8888 to remote 8888) to server1.
From server1 I have created another ssh connection with portforwarding to server2(local 8888 to remote 1521).
When I try to connect to oracle instance on server2 from PC1, using this kind of tunneling I got an error:
Oracle Error :: TNS-12547
TNS:lost contact
Does anyone have some experience with this kind of tunneling or is this kind of tunneling is possible?
Thanks,
GoranPerhaps this thread will help you with tunneling vnc through ssh. I have personally put a number of posts about doing this; you might try searching these forums on user "j.v." and search terms "VNC" and "tunnel" if you want to see some of the stuff I have posted.
As far as tunneling your web browser through an ssh proxy, I think the easiest way to do this is to get a second web browser like Firefox for all the proxy stuff, and set it up as a SOCKS5 to proxy to "localhost:1080" or whatever port. Then, when you make a ssh connection, add a "-D 1080" option to your ssh command that you issue at the client computer. In Terminal, type "man ssh" to learn more about the "-D" proxy tunnel option. -
Does the plugin-in still not work with HTTPS and a proxy server?
From plug-in docs -
"Java Plug-in supports http, ftp, gopher and SOCKS v4 protocols through the proxy server. Currently, Java Plug-in does not support https (SSL). "Hello
I am making HTTPS calls from within my applet code and this works fine using the basic Java Plug-in support for HTTPS.
This means my code basically does:
URL url = new URL("https://myhost.com/servlet/Test");
URLConnection conn = url.openConnection();
etc..
We are using Java 1.4.2. I've read in the "How HTTPS Works in Java Plug-in" for 1.3, that the plugin uses the browsers API for making HTTPS connections. Is this still the case for 1.4?
My basic problem is that it all works fine if the browser is NOT configured to use a proxy server. If a proxy server is configured we get the following Exception in the client:
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Bad Request ( The data is invalid. )"
I have read that "Sun's Java Secure Socket Extension (JSSE) library allows you to access a secure Web server from behind a firewall via proxy tunnelling. However, JSSE expects the proxy's reply to the tunnelling request to begin with "HTTP 1.0"; otherwise, it throws an IOException" (http://www.javaworld.com/javatips/jw-javatip111_p.html)
The article talks about using the JSSE library but it seems to be assuming the client is an application not an applet.
How do I use JSSE from within an applet if all the proxy information I seem to need to set in the JSSE code is held by the browser?
Will JSSE support proxies returning responses beginning HTTP 1.1 in the future?
Any help on this would be greatly appreciated.
Many thanks
mark -
HTTPS with Applet over Proxy Issue
An applet using HttpURLConnection within a Java Applet. The Connection is formulated as follows:
HttpURLConnection urlConn = (HttpURLConnection)destURL
.openConnection( );
urlConn.setDoOutput( true );
urlConn.setDoInput( true );
urlConn.setUseCaches( false );
urlConn.setAllowUserInteraction( false );
urlConn.setRequestProperty( "Content-type","multipart/form-data" );
urlConn.setRequestProperty( "Content-length","" + parameters.length( );This works fine with numerous proxy servers and other network
topologies, except one. The issue I am told occurs when we are trying to
connect over https. For background, my understanding is this causes the Java Plug-in to :
* invoke the http CONNECT command
* wait for the 200 OK indicating that the secure tunnel is established
* then send the request securely.
Doing a packet trace shows that the headers set in the code are
actually being included with the CONNECT. However the Java Plug
(1.4.2_06) does not sent the body with the CONNECT. I am told this
causes the proxy to wait for an entity that never arrives, because, on
the other end, the plug-in is waiting for 200 OK. After 8 secs the
plug-in resets the connection and fails.
Packet traces on other proxies show the same content-length header being
included, but they decide ignore it. From Googling I note some folks
claim that this is expected, because CONNECT is non-entity enclosing.
Doc's are scant on the CONNECT command. In some cases they seem to imply
that no data should go with the CONNECT (making it non-entity
enclosing), but later they state it supports data-pipelining, making the
content-length relevant, as the CONNECT may well contain an entity.
Moreover, is the intent of Applet Framework to insulate the programmer
from having to worry about issues like this? For example this Applet can
and does connect to a myriad of HTTP/1.1 or 1.0 server through a proxy
or not; in the case of no proxy or non secure proxy, the content-length
header is valid as the request goes out in one go with associated
headers. So writing the code as above, does not seem to be inherently
flawed, IMO. <-- And that is a question too :).
I note there is an isProxy() method, but this can only be determined
after connection (obviously) and parameters cannot be changed once the
connection is made. So creating a dummy connection first is possible I
suppose, but it seems a slippery slope to start coding for exceptions
like this, unless absolutely necessary.
On the face of it, it could be argued that this appears to be a bug in
the plug-in but with very little hits in google I am doubtful. To that
end, does anyone have any thoughts or experience with either working
around the problem (it would seem to be a pity to have to have a setting
per client), or whether in fact this proxy server is being too draconian
in its interpretation.
Thanks in advance,
Gary
Refs:
RFC2616
http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txtPardon my ignorance about proxies, but how do you tell the plug-in that there is a proxy in between you and the destination?
The reason I ask is because with the https protocol, the first thing that happens is that an SSL connection is set up between the endpoints, and only after, through this secure tunnel, is the GET request or whatever sent. The proxy never gets to see any of the HTTP headers. -
Hello.
I'm facing problem during client connection throungth proxy.
The error messagge is:
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 302 Moved Temporarily"
at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:923)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
at updateAuto.getInputStream(updateAuto.java:494)
at updateAuto.downloadFile(updateAuto.java:422)
at updateAuto.start(updateAuto.java:263)
at Avvio.main(Avvio.java:8)
The question is: how i set the basic authentication? I found two example:
URL url= new URL(fileName);
URLConnection connection= url.openConnection();
connection.setRequestProperty("Proxy-Authorization","Basic " + new sun.misc.BASE64Encoder().encode(proxyUser + ":" + proxyPassword).getBytes()));
URL url= new URL(fileName);
URLConnection connection= url.openConnection();
connection.setRequestProperty("Proxy-Authorization", new sun.misc.BASE64Encoder().encode(proxyUser + ":" + proxyPassword).getBytes()));
So, i MUST specify the Basic before the user-password or not?
I'm in the rigth direction or i miss something?
Best regards
Gianluca ChiodaroliI was also struggled to get this thing done for long time and finally mangaged to got through. Following code would demonstrate how you could connect to a https url through a proxy sever. You have to replace your proxy server, port, userid/password and your https URL in the appropriate places.
Also follow the instructions given in the java comments blocks to download the deigital certifactes of your https sites and configure them in the filestores.
I have tested this code with JDK 1.4
Good luck. Dushan Karawita
import com.sun.net.ssl.*;
import javax.commerce.util.BASE64Encoder;
import java.net.*;
import java.io.*;
import java.util.*;
* Title: HttpsPrototye
* Description: This will demonstrate how to connect to a https url through
* a proxy server. It is very difficult to find a proper documentation
* describing how to implement this feature.
* @auther : Dushan Karawita ([email protected])
public class HttpsPrototype {
* Performs the proxy tunneling to access the https url.
public static void testHttps() {
HttpsURLConnection httpsCon = null;
DataInputStream dis = null;
InputStream is = null;
String response = null;
String cookieString = null;
URL sslUrl = null;
try {
* Sets the https proxy server and the https proxy port.
* @todo: Replace the <proxy.server.com> with your proxy server's
* IP address and replace with the correct port.
System.setProperty("https.proxyHost", "<proxy.server.com>");
System.setProperty("https.proxyPort", "80");
* Add the route to your cacerts filestore (or a filestore of
* your choice) you'll find ca certs at java_home$/jre/lib/security
* Seems that if you dont add this java will not always find the
* certificate required for to trust the SSL connection.
* Note if you still get a CertificateException "could not find
* trusted certificate" then you will need to import the public
* certificate of the website you are connecting to into the
* keystore using,
keytool -import -keystore cacerts -file thecert.cer -alias thecertname
* This command will add the "thecert.cer" file to the "cacerts"
* filestore (if not available, it will create it). Make sure you go
* to the place where you want to place the filestore (cacerts) and
* run the command since it will create it in the location it's been
* run. You can use IE to download the certificate and save it in the
* hard disk with following steps.
* Tools -> Internet Options -> Content -> Certificates
* -> Immediate Certification Autherities
* and select the certificate from the list and select "Export" and
* follow the wizard to install it into the local hard drive. If the
* relavent certificate is not available in the list, try to import
* the certificate by clicking on the padlock sign of the IE when
* you go into the secure link.
* Following is the example of how to import the certificate in your
* filestore.
* try the password as "changeit"
E:\jdk1.4.1\jre\lib\security>keytool -import -keystore cacerts -file doit.cer
* Enter keystore password: changeit
* Owner: CN=*.doit.com, OU=Domain Control Validated, OU=See
* www.ffffssl.com/cps (c)04, OU=https://services.my-choicepoint.net
* /getit.jsp?126600646, O=*.doit.com, C=NL
* Issuer: CN=ChainedSSL CA, O=FreeSSL, C=US
* Serial number: 2899e49
* Valid from: Thu Jan 29 15:14:20 GST 2004 until: Sat Jan 29
* 15:14:20 GST 2005
* Certificate fingerprints:
* MD5: 44:C5:AC:10:4A:34:6E:19:0D:3A:8A:32:B5:4F:A3:C4
* SHA1: DA:D8:11:74:B6:BA:EB:D9:98:F2:12:AF:E9:4C:73:0B:4B:FA:1D:CF
* Trust this certificate? [no]: y
* Certificate was added to keystore
* E:\jdk1.4.1\jre\lib\security>
* You have to set the filestore where you have imported your site's
* certificates. Here we're setting the defualt jdk filestore since
* we have imported the ncessary certificates into the same filestore.
* You can give different filestore if you have created your
* filestore in a different place.
System.setProperty("javax.net.ssl.trustStore",
"E:/jdk1.4.1/jre/lib/security/cacerts");
* Before connecting with a secure URL, we must do this first :
java.security.Security.addProvider(
new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
* The https URL which you want to access.
* If you are using the JDK defualt filestore, it is a good idea to
* test with the https://www.sun.com url
* @todo: Replace your https url.
sslUrl = new URL("https://www.sun.com");
* Opens the https URL connection.
httpsCon = (HttpsURLConnection) sslUrl.openConnection();
httpsCon.setFollowRedirects(true);
* Set the Proxy user id and password for the basic proxy
* authorization.
* @todo: Replace the <user:password> with your proxy user id and
* the password.
httpsCon.setRequestProperty("Proxy-Authorization", "Basic "
+ new BASE64Encoder()
.encodeBuffer("<user:password>".getBytes()));
* Sets the normal authorization if the site itself is required to be
* authenticated before access.
* @todo: Replace the <user:password> with your sites user id and
* the password.
httpsCon.setRequestProperty("Authorization", "Basic "
+ new BASE64Encoder().encodeBuffer("<user:password>"
.getBytes()));
* Reads the coockie from the header field, so we can bind this
* coockie with the next request header if we want to maintain our
* session so we would be able to traverse through multiple pages
* with the same session.
cookieString = httpsCon.getHeaderField("Set-Cookie");
cookieString = cookieString.substring(0, cookieString.indexOf(";"));
System.out.println(cookieString);
* get the input stream and creates a DataInputStream.
is = httpsCon.getInputStream();
dis = new DataInputStream(new BufferedInputStream(is));
* Reads the input stream through the DataInputStream and print the
* response line by line.
while ((response = dis.readLine()) != null) {
System.out.println(response);
dis.close();
is.close();
httpsCon.disconnect();
} catch (MalformedURLException mfue) {
mfue.printStackTrace();
} catch (IOException ioe) {
ioe.printStackTrace();
* main method to test the code.
* @param args
public static void main(String args[]) {
new HttpsPrototype().testHttps();
} -
Proxy authentication doesn't work with JSSE
Hello,
Seems like there is no common way to authenticate with proxy for HTTP and HTTPS.
Connecting to http://... - works fine, but https://... returns error message:
Unable to tunnel through 111.111.111.111:8080. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
(IP address is intentionally changed in the message above)
I'm using JSSE with VAJ JDK 1.2 and here is a Java code snippet that works well with HTTP connections:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
System.setProperty("https.proxyHost", proxyHost);
System.setProperty("https.proxyPort", proxyPort);
System.setProperty("http.proxyHost", proxyHost);
System.setProperty("http.proxyPort", proxyPort);
try {
URL url = new URL("https://www.sun.com");
URLConnection connection = url.openConnection();
String authString = proxyUserID + ":" + proxyPasswd;
String encodedAuthString =
"Basic " + new sun.misc.BASE64Encoder().encode(authString.getBytes());
connection.setUseCaches(false);
connection.setRequestProperty("Proxy-authorization", encodedAuthString);
Listening to the network traffic helped me to understand that there is a difference between the way HTTP and HTTPS is handled. For some reason HTTPS ignores all the headers that I specify using setRequestProperty().
Here is example of request and responses sent by HTTPS handler:
Request:
CONNECT 198.175.98.32:443 HTTP/1.0
User-Agent: JSSE
Proxy response:
HTTP/1.0 407 Proxy Authentication Required
Date: Wed, 07 Nov 2001 22:04:11 GMT
Content-Length: 233
Content-Type: text/html
Server: NetCache (NetApp/5.1R2D4)
Proxy-Authenticate: basic realm="NETCACHE2"
Please note that there is no Proxy-authorization header in the request above.
Compare it with HTTPS request sent by Netscape browser:
Request to proxy:
CONNECT www.sun.com:443 HTTP/1.0
Proxy-authorization: Basic am0vbDphrGxHa22lLg==
User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)
Response:
HTTP/1.0 200 Connection established
Proxy-Agent: NetCache NetApp/5.1R2D4
So, the question is:
What is the best way to pass "Proxy-authorization" header to proxy server??
Thanks in advance for your time.Hi Guys,
Just like, i assume, all of you, i've had my battles with javas' handling of https comms from behind a firewall. I'm actually amazed at how something that is a simple combination of protocol and security should become so messy.
Luckily , i managed to get all my requirements met, but the sad thing is after all that hard work, i'm not much closer to understanding why the standard java sdk (im using 1.4) forces us to endure such painful tasks.
Really, Java is quite a mature language now, and one of its touted benefits is its applicability to web and internet technologies... so why the messy proxy code when dealing with ssl?
Anyway, i didn't really come here to b**tch, but rather to point you all to a handy library from apache - httpClient - http://jakarta.apache.org/commons/httpclient.
After implementing ssl proxy tunnelling and all the fun that goes with it, i found this tool, and subsequently deleted all that ugly code, and let http client deal with all that for me.
Its seriously simple, heres a snippet:
httpClient = new HttpClient();
httpClient.setTimeout(responseTimeoutMillies);
Protocol myHttps = new Protocol("https", new SSLContextBasedSocketFactory(sslContext), targetServerPort);
httpClient.getHostConfiguration().setHost(targetServerHost, targetServerPort, myHttps);
if (useProxy)
httpClient.getHostConfiguration().setProxy(proxyHost, proxyPort);
httpClient.getState().setProxyCredentials("my-proxy-realm", proxyHost, new UsernamePasswordCredentials(proxyUser, proxyPassword));
}This initialises the client, and after this, making http requests is simple:
String response = null;
PostMethod postMethod = new PostMethod("/secure/blah.jsp"); // A HTTP Post
postMethod.setRequestBody("Hello there"); // this is the data in the http post body
int responseCode = httpClient.executeMethod(postMethod);
if(responseCode == 200)
response = postMethod.getResponseBody();...
As you can see, its alot less painful. It certainly makes me feel better, knowing i don't have to support/maintain the ugly proxy tunnelling code. Give it a shot on your next project.
Hope it helps.
Regards
Marcus Eaton -
Is it possible to use Apache to proxy/tunnel RTMP(S) traffic through to Flash Media Server?
Basically, I want to tunnel RTMP traffic using HTTP through Apache.
What I want to be able to do is open up an appropriate port (either 80 or 443) on the Apache server and have that proxy traffic through to Flash Media Server. The reason I ask is that I have set-up this scenario but I keep getting a "NetConnection.Connect.Failed" error message; I captured the network traffic flowing between my machine and the server and it is connecting to the server, just nothing happens after that.
Do I have to connect directly to Flash Media Server?
Thanks
Message was edited by: sbuckleI am not sure you can do this. But you can definitely do the otherway round i.e use FMS to proxy your HTTP data to apache.. This is how you can do that http://help.adobe.com/en_US/FlashMediaServer/3.5_AdminGuide/WSE2A5A7B9-E118-496f-92F9-E295 038DB7DB.html
-
I'm facing some problems while doing http tunneling thru proxy and below I'm giving some trace messages.
Without proxy the system seems to work ok.
Client -------- proxy ------- Tunnel Server --------- Server
The tunnel server tries to send back the data to client on the http connection.
The client is trying to receive data on the http connection.
The tunnel forwarder throws the following exception. Basically the tunnel forwarder thinks that the socket is closed immediately.
java.net.SocketException: Socket closed
at java.net.SocketOutputStream.socketWrite(Native Method)
at java.net.SocketOutputStream.write(Unknown Source)
at java.io.ObjectOutputStream.drain(Unknown Source)
at java.io.ObjectOutputStream.setBlockData(Unknown Source)
at java.io.ObjectOutputStream.writeObject(Unknown Source)
at TunnelForwarder.run(TunnelForwarder.java:108)
java.net.SocketException: Socket closed
at java.net.SocketOutputStream.socketWrite(Native Method)
at java.net.SocketOutputStream.write(Unknown Source)
at java.io.ObjectOutputStream.drain(Unknown Source)
at java.io.ObjectOutputStream.setBlockData(Unknown Source)
at java.io.ObjectOutputStream.writeObject(Unknown Source)
at TunnelForwarder.run
The client throws the following exception. It thinks that the httpConnection is down immediately.
java.net.SocketException: Unexpected end of file from server
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
at TunnelReader.establishConnectionPath(TunnelReader.java:98)
at TunnelReader.run(TunnelReader.java:124)
java.lang.NullPointerException
at TunnelReader.run(TunnelReader.java:130)
However, the tunnel server shows that the tunnel is maintained
And even the netstat -n shows that the connection exists
C:\WINNT>netstat -n
Active Connections
Proto Local Address Foreign Address State
|
|
TCP tunnelServer:3299 server:12000 ESTABLISHED
|
|
TCP tunnelServer:9000 proxy:48040 ESTABLISHED
|
|
The http connection is actually brought down by the proxy after a considerably long time (more than a minute).
Regards,
Rahuole pawerDo not try base your tunnel on urlConnections. After you send the message, you cannot read. The only way is to use 2 connections, because all the proxy servers support only HTTP/1.0, which was depricated by W3C in 1996 after HTTP/1.1 was accomplished. If your proxy does you are lucky. To make your tunnel working over HTTP/1.0 is terrible task of TCP stack rewriting in Java. May be someone has it implemented already. I am interested to look after.
-
Outlook Connector via a proxy?
Hi there
Is it possible to configure Outlook Connector to work through an http proxy?
Thanks
JasonI think it would be worthwhile to look into supporting HTTP proxy tunneling. We have to use webmail when on a client site that requires access via a VPN - which is often slow/unresponsive.
Regards
Jason -
Hello, i'm new of this forum :-)
I have a question about firewall/proxy tunnelling.
I have build a little application with Socket Client on port 80,
but it do not work on system that have firewall or proxy.
So I have to convert my application to have the ability of work with firewall and proxy.
To do it I have read more documentation about SPI,
and I have decided to use URLConnection.
If I open Socket and send content-type 'application/zip',
and after that i send a ZIPPED version of "traffic" I think that my Socket
can work with firewall and proxy.
It's correct ?
Thank you,
darezFrom what I've read, although I've never had to use it, you can tell the JVM to use a proxy by using the -D parameter and passing values when you run you're program e.g for an web/http proxy you'd do something like .
java -Dhttp.proxySet=true -Dhttp.proxyHost=192.168.1.100 -Dhttp.proxyPort=8888 myjavaprogram
You can also save these settings in a properties file and read them from there apparently. As for being behind/confronted by a firewall - don't thing there's much you can do about that if it isn't going to let you through. -
Hi,
I am trying to access user's proxy settings in my signed JApplet, but can't find any information about that in documentation. Can someone point me somewhere? I need them because I use Sockets in my program.
Thank you,
DmitriDetecting proxy settings that the plug-in is using is tricky stuff... Sun added some (not well documented) support for proxy detection... Try searching the jdc bug db for detect proxy, etc.
The extra jar that needs to be in your classpath during compile (if compiling under 1.3.1) is jre 1.4.1's rt.jar. BTW, we also include javaws.jar because our same JAppplet JARs run under Java Web Start.
I've clobbered together a method (that could use some cleaning:) that takes the URL of a file known to exist (anything from the applet's codebase, eg. settings.prop) & sets a couple booleans & proxy props... Seems to work pretty well except under Mac OS X:
static String proxyIP = "";
static int proxyPort = 80;
static boolean autoDetectProxy = false; // If SSL version, assume autoDetect, else do not
static boolean useProxy = false;
detectProxy(<codebase file url>);
System.out.println ("Using Proxy:" + useProxy + " Auto Detect Proxy:" + autoDetectProxy + "Proxy IP:" + proxyIP + " Proxy Port:" + proxyPort);
void detectProxy(URL sampleURL) {
// Added in 5.0.3 - Plugin 1.4 will hide the internal Sun proxy stuff, so use new proxy property introduced in 1.3.0_1 (1.3.1)...
// 5.0.7 Update: - Plugin 1.4 Final added com.sun.java.browser.net.* classes ProxyInfo & ProxyService... Use those with JREs => 1.4
System.out.println(("About to attempt auto proxy detection under Java version:"+javaVers);
boolean invokeFailover = false; // If specific, known detection methods fail may try fallback detection method
if (javaVers.startsWith("1.3")) { // Use Sun-specific internal plugin proxy classes for 1.3.X... 1.4.+ nuked this method...
// Look around for the 1.3.X plugin proxy detection class... Without it, cannot autodetect...
try {
Class t = Class.forName("sun.plugin.protocol.ProxyHandler");
// Attempt to discover proxy info by asking internal plugin code to locate path to server sampleURL...
sun.plugin.protocol.ProxyHandler proxyHandler = sun.plugin.protocol.PluginProxyHandler.getDefaultProxyHandler();
if (proxyHandler != null) {
try {
sun.plugin.protocol.ProxyInfo proxyInfo = proxyHandler.getProxyInfo (sampleURL);
if (proxyInfo != null) {
// Currently support HTTP non-authenticating proxies. Authenticating proxies/SOCKS support TDB
/* Authenticating proxies need (actually, will need to use Header param of SSLTunneledSocket):
String authString = "userid:password";
String auth = "BASIC + new sun.misc.BASE64Encoder().encode(authString.getBytes());
URL theURL = ....
URLConnection urlConn = ....
urlConn.setRequestProperty("Proxy-Authorization", auth);
useProxy = (proxyInfo.getProxy() != null);
if (useProxy) {
proxyIP = proxyInfo.getProxy();
proxyPort = proxyInfo.getPort();
System.out.println("1.3.X proxy " + proxyIP+" port " + proxyPort);
else {
System.out.println("NULL proxyInfo in 1.3.X auto proxy detection, assuming no proxy...");
autoDetectProxy = false;
catch (Exception e) {
System.out.println("Exception during 1.3.X auto proxy detection, will try failover detection, e:"+e);
invokeFailover = true;
catch (Exception ee) {
System.out.println("Sun Plugin 1.3.X proxy detection class not found, will try failover detection, e:"+ee);
invokeFailover = true;
else if (javaVers.startsWith("1.4")) {
try {
// Look around for the 1.4.X plugin proxy detection class... Without it, cannot autodetect...
Class t = Class.forName("com.sun.java.browser.net.ProxyService");
com.sun.java.browser.net.ProxyInfo[] pi = com.sun.java.browser.net.ProxyService.getProxyInfo(sampleURL);
if (pi == null || pi.length == 0) {
System.out.println("1.4.X reported NULL proxy (no proxy assumed)");
useProxy = false;
else {
System.out.println("1.4.X Proxy info geProxy:"+pi[0].getHost()+ " get Port:"+pi[0].getPort()+" isSocks:"+pi[0].isSocks());
useProxy = true;
proxyIP = pi[0].getHost();
proxyPort = pi[0].getPort();
System.out.println("proxy " + proxyIP+" port " + proxyPort);
catch (Exception ee) {
System.out.println("Sun Plugin 1.4.X proxy detection class not found, will try failover detection, e:"+ee);
invokeFailover = true;
else {
System.out.println("Sun Plugin reported java version not 1.3.X or 1.4.X, trying failover detection...");
invokeFailover = true;
if (invokeFailover) {
System.out.println("Using failover proxy detection...");
try {
String proxyList = ((String)System.getProperties().getProperty("javaplugin.proxy.config.list")).toUpperCase();
System.out.println("Plugin Proxy Config List Property:"+proxyList);
useProxy = (proxyList != null);
if (useProxy) { // Using HTTP proxy as proxy for HTTP proxy tunnelled SSL socket (should be listed FIRST)....
// 6.0.0 1/14/03 1.3.1_06 appears to omit HTTP portion of reported proxy list... Mod to accomodate this...
// Expecting proxyList of "HTTP=XXX.XXX.XXX.XXX:Port" OR "XXX.XXX.XXX.XXX:Port" & assuming HTTP...
if (proxyList.indexOf("HTTP=") > -1)
proxyIP = proxyList.substring(proxyList.indexOf("HTTP=")+5, proxyList.indexOf(":"));
else proxyIP = proxyList.substring(0, proxyList.indexOf(":"));
int endOfPort = proxyList.indexOf(",");
if (endOfPort < 1) endOfPort = proxyList.length();
proxyPort = Integer.parseInt(proxyList.substring(proxyList.indexOf(":")+1,endOfPort));
System.out.println("proxy " + proxyIP+" port " + proxyPort);
catch (Exception e) {
System.out.println("Exception during failover auto proxy detection, autoDetect disabled, e:"+e);
autoDetectProxy = false;
}Good luck,
Chris
Maybe you are looking for
-
i am trying to bookmark an ftp download site for my website that is of the form: ftp://[email protected]//[email protected] i know this is a mouthful but it is the correct url and when i enter it into Safari it kicks it out into Firefox which I also
-
Hi Apple Experts, My Macbook Pro laptop charger stopped working after it was lying on the floor and my room filled with water due to water logging in the pipes in the bathroom adjacent to my room. I tried drying the charger with a hair dryer but it i
-
UCCX 9.0.2 Error when opening Scripts
When I attempt to open my scripts using the Unified CCX Editor I receive the following error message: Failed to load script file; com.cisco.script.ScriptITOexception: Failed to load script <script location>; nested exception is: java.io.EOFException
-
802.1x MAB with Juniper EX switch.
Hi, I tried to authenticate user from juniper EX switch to Cisco ACS Radius. The ACS can authenticate normal user via 802.1x but not MAB. I set in the acs to authenticate any request using RADIUS IETF. I also tried to connect to different ACS server
-
Thread:how to stored procedure stored in csv file in oracle
can any one help me out please. db--oracle(10.2.0.4) platform-linux(64) we need to export data from a table into a .csv file. please help me out. thanks