php、CURLAUTH_NTLM 并且身份验证不适用于 NTLM 代理
php, CURLAUTH_NTLM and authentication is not working for NTLM proxy
我正在尝试通过公司 NTLM 代理服务器在 Windows 7 上使用来自 php 脚本的互联网。目标是通过 php.
解析外部网页
在互联网上进行了长时间的挖掘之后,我尝试了几种无效的解决方案,例如那些(以及很多变体):
$PROXY_HOST = "10.10.20.30"; // Proxy server address
$PROXY_PORT = "8080"; // Proxy server port
$PROXY_USER = "myuser"; // Username
$PROXY_PASS = "mypass"; // Password
$auth = base64_encode("$PROXY_USER:$PROXY_PASS");
stream_context_set_default(
array(
'http' => array(
'proxy' => "tcp://$PROXY_HOST:$PROXY_PORT",
'request_fulluri' => true,
'header' => "Proxy-Authorization: Basic $auth"
)
)
);
或者这个
$proxy = "10.10.20.30:8080";
$useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
$url = "https://www.google.com";
$credentials = "myuser:mypass";
$ch = curl_init();
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,15);
curl_setopt($ch, CURLOPT_HTTP_VERSION,'CURL_HTTP_VERSION_1_1' );
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_PROXYUSERPWD,$credentials);
curl_setopt($ch, CURLOPT_USERAGENT,$useragent);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);
$result=curl_exec ($ch);
curl_close ($ch);
echo 'RES: '.$result;
Firefox (Chrome, IE) 可以很好地处理 NTLM,但我不知道如何在 php.
中实现它
基本上我认为我应该模仿浏览器的功能:
- 发出http请求
- 随机获取
- 使用我的凭据制作 MD4(5)
- 等等
为什么 CURLAUTH_NTLM 在我的情况下不起作用?
我可以绕过 php 函数并使用一些 windows 本机(但是..存在吗?)来获取 url 并通过此方法获取文本?
提前致谢,
编辑 #1
这是我的 CURL 设置
编辑#2
下面是FF网络分析
编辑#3
嗯...我将 PHP 版本升级到最新的 7.2.3(而不是 5.5.12)并且几乎开始了解 NIGHTMARE 代理服务器:)
* Trying 10.10.10.10...
* TCP_NODELAY set
* Connected to 10.10.10.10 (10.10.10.10) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using NTLM with user 'myuser'
> CONNECT google.com:443 HTTP/1.1
Host: google.com:443
Proxy-Authorization: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
==
Proxy-Connection: Keep-Alive
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
< Proxy-Connection: keep-alive
< Content-Length: 0
<
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using NTLM with user 'myuser'
> CONNECT google.com:443 HTTP/1.1
Host: google.com:443
Proxy-Authorization: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Proxy-Connection: Keep-Alive
< HTTP/1.0 200 Connection established
< Via: HTTP/1.1 proxy10505
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering http/1.1
* CONNECT phase completed!
* CONNECT phase completed!
* error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
* stopped the pause stream!
* Closing connection 0
ERR: error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
Array
(
[url] => https://google.com/
[content_type] =>
[http_code] => 0
[header_size] => 231
[request_size] => 562
[filetime] => -1
[ssl_verify_result] => 1
[redirect_count] => 0
[total_time] => 0.375
[namelookup_time] => 1.0E-6
[connect_time] => 0.094
[pretransfer_time] => 0
[size_upload] => 0
[size_download] => 0
[speed_download] => 0
[speed_upload] => 0
[download_content_length] => -1
[upload_content_length] => -1
[starttransfer_time] => 0
[redirect_time] => 0
[redirect_url] =>
[primary_ip] => 10.10.10.10
[certinfo] => Array
(
)
[primary_port] => 8080
[local_ip] => 10.10.10.10
[local_port] => 49902
)
CURL 版本为
OUT: Array
(
[version_number] => 473344
[age] => 4
[features] => 2428829
[ssl_version_number] => 0
[version] => 7.57.0
[host] => i386-pc-win32
[ssl_version] => OpenSSL/1.1.0g
[libz_version] => 1.2.11
[protocols] => Array
(
[0] => dict
[1] => file
[2] => ftp
[3] => ftps
[4] => gopher
[5] => http
[6] => https
[7] => imap
[8] => imaps
[9] => ldap
[10] => pop3
[11] => pop3s
[12] => rtsp
[13] => scp
[14] => sftp
[15] => smb
[16] => smbs
[17] => smtp
[18] => smtps
[19] => telnet
[20] => tftp
)
)
这个错误是什么意思???
错误:14094419:SSL routines:ssl3_read_bytes:tlsv1 警报访问被拒绝
有些人使用 CNTLM 代理解决此类问题。
Why CURLAUTH_NTLM isn't working in my case?
可能不支持。 运行 一个 phpinfo 并检查 CURLAUTH_NTLM prerequisites 是否正常:
You need to build libcurl with either OpenSSL, GnuTLS or NSS support
for this option to work, or build libcurl on Windows with SSPI
support.
替换为:
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
通过这个:
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
我正在尝试通过公司 NTLM 代理服务器在 Windows 7 上使用来自 php 脚本的互联网。目标是通过 php.
解析外部网页在互联网上进行了长时间的挖掘之后,我尝试了几种无效的解决方案,例如那些(以及很多变体):
$PROXY_HOST = "10.10.20.30"; // Proxy server address
$PROXY_PORT = "8080"; // Proxy server port
$PROXY_USER = "myuser"; // Username
$PROXY_PASS = "mypass"; // Password
$auth = base64_encode("$PROXY_USER:$PROXY_PASS");
stream_context_set_default(
array(
'http' => array(
'proxy' => "tcp://$PROXY_HOST:$PROXY_PORT",
'request_fulluri' => true,
'header' => "Proxy-Authorization: Basic $auth"
)
)
);
或者这个
$proxy = "10.10.20.30:8080";
$useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
$url = "https://www.google.com";
$credentials = "myuser:mypass";
$ch = curl_init();
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,15);
curl_setopt($ch, CURLOPT_HTTP_VERSION,'CURL_HTTP_VERSION_1_1' );
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_PROXYUSERPWD,$credentials);
curl_setopt($ch, CURLOPT_USERAGENT,$useragent);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);
$result=curl_exec ($ch);
curl_close ($ch);
echo 'RES: '.$result;
Firefox (Chrome, IE) 可以很好地处理 NTLM,但我不知道如何在 php.
中实现它基本上我认为我应该模仿浏览器的功能: - 发出http请求 - 随机获取 - 使用我的凭据制作 MD4(5) - 等等
为什么 CURLAUTH_NTLM 在我的情况下不起作用? 我可以绕过 php 函数并使用一些 windows 本机(但是..存在吗?)来获取 url 并通过此方法获取文本?
提前致谢,
编辑 #1
这是我的 CURL 设置
编辑#2
下面是FF网络分析
编辑#3
嗯...我将 PHP 版本升级到最新的 7.2.3(而不是 5.5.12)并且几乎开始了解 NIGHTMARE 代理服务器:)
* Trying 10.10.10.10...
* TCP_NODELAY set
* Connected to 10.10.10.10 (10.10.10.10) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using NTLM with user 'myuser'
> CONNECT google.com:443 HTTP/1.1
Host: google.com:443
Proxy-Authorization: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
==
Proxy-Connection: Keep-Alive
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
< Proxy-Connection: keep-alive
< Content-Length: 0
<
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using NTLM with user 'myuser'
> CONNECT google.com:443 HTTP/1.1
Host: google.com:443
Proxy-Authorization: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Proxy-Connection: Keep-Alive
< HTTP/1.0 200 Connection established
< Via: HTTP/1.1 proxy10505
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering http/1.1
* CONNECT phase completed!
* CONNECT phase completed!
* error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
* stopped the pause stream!
* Closing connection 0
ERR: error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
Array
(
[url] => https://google.com/
[content_type] =>
[http_code] => 0
[header_size] => 231
[request_size] => 562
[filetime] => -1
[ssl_verify_result] => 1
[redirect_count] => 0
[total_time] => 0.375
[namelookup_time] => 1.0E-6
[connect_time] => 0.094
[pretransfer_time] => 0
[size_upload] => 0
[size_download] => 0
[speed_download] => 0
[speed_upload] => 0
[download_content_length] => -1
[upload_content_length] => -1
[starttransfer_time] => 0
[redirect_time] => 0
[redirect_url] =>
[primary_ip] => 10.10.10.10
[certinfo] => Array
(
)
[primary_port] => 8080
[local_ip] => 10.10.10.10
[local_port] => 49902
)
CURL 版本为
OUT: Array
(
[version_number] => 473344
[age] => 4
[features] => 2428829
[ssl_version_number] => 0
[version] => 7.57.0
[host] => i386-pc-win32
[ssl_version] => OpenSSL/1.1.0g
[libz_version] => 1.2.11
[protocols] => Array
(
[0] => dict
[1] => file
[2] => ftp
[3] => ftps
[4] => gopher
[5] => http
[6] => https
[7] => imap
[8] => imaps
[9] => ldap
[10] => pop3
[11] => pop3s
[12] => rtsp
[13] => scp
[14] => sftp
[15] => smb
[16] => smbs
[17] => smtp
[18] => smtps
[19] => telnet
[20] => tftp
)
)
这个错误是什么意思???
错误:14094419:SSL routines:ssl3_read_bytes:tlsv1 警报访问被拒绝
有些人使用 CNTLM 代理解决此类问题。
Why CURLAUTH_NTLM isn't working in my case?
可能不支持。 运行 一个 phpinfo 并检查 CURLAUTH_NTLM prerequisites 是否正常:
You need to build libcurl with either OpenSSL, GnuTLS or NSS support for this option to work, or build libcurl on Windows with SSPI support.
替换为:
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
通过这个:
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);