CNTLM – Proxy for NTLM authentication
Recently I was using an application which needs internet connection. In my network internet connection is behind proxy and the proxy needs NTLM authentication.
I can set basic authentication for the proxy in my application but there is no way to provide NTLM authentication credential. There are lots of program which behaves like this. A very common example is GIT.
In those cases CNTLM help. It works as local proxy system. You can set NTLM authentication inside CNTLM. So you can reach to internet via it. For more information visit Official CNTLM website.
Now how to configure CNTLM?
Download and install CNTLM. After installation we need to configure it. I installed in in Windows so let me tell configuration For Windows only. The configuration file is C:Program Files (x86)Cntlmcntlm.ini
Lets start play with the configuration.
First we need to set the NTLM credential which is used for the internet proxy. It is not a good idea to put password in plaintext inside the configuration file so we can encrypt it. CNTLM tool has its own option for the encryption.
Open command prompt. Enter command
cntlm -H -d <domainname> -u <username>
It will generate NTML hash. Now switch to cntlm.ini. Paste your id and hash.
Now set the proxy of your internet which is required the NTLM authentication. e.g. 220.127.116.11:80.
Now we need to configure listener. Generally CNTLM listens in 127.0.0.1 ip in the port 3128
You can configure it as you like. It is also possible to listen in multiple ip:port.
Listen 127.0.0.1:3128 Listen 10.0.0.1:3128
Once the configuration is done, save the file and start CNTLM Proxy
Start -> All Programs -> cntlm -> Start Cntlm Authentication Proxy
You can test it in browser to check if it works . Open IE (or your favourite browser) change the proxy. For IE Tools -> Internet Options -> Connections -> Lan Settings -> Proxy server
Set CNTLM Proxy ip and port.
Try to open Google (this is the most common site to check if browser has internet connection). Some time google loads from cache, better open any other site which you open rarely (e.g bing.com 😉 ). If your site opens then it works well.
Now you can set the proxy in your application which requires internet connection. If it takes system proxy then its enough to configure in IE internet settings.