28

Is there a nice and small, freeware proxy application that runs in the system tray?

It should support HTTP and HTTPS proxy connections, NTLM authentication and configurable rules (different proxy servers for different hosts).

Bonus karma if it can NTLM-authenticate anonymous requests passing through it.

fixer1234
  • 27,064
  • 61
  • 75
  • 116
Tomalak
  • 1,173
  • 5
  • 12
  • 24
  • 2
    Are you asking for software that runs as a web proxy or software that changes your browser proxy settings? – Goyuix Oct 19 '09 at 17:28
  • Can a browser switcher tool support HTTP? In other words: A software that acts as a proxy, of course. ;-) – Tomalak Oct 20 '09 at 08:07
  • [WinGate](http://wingate.com) is a full-blown proxy which provides a free license for 3 users. – niutech Feb 05 '14 at 01:30
  • Another one: [Proxomitron](http://www.proxomitron.info/). Supports an upstream proxy and offers configurable ad filtering and HTTP header filtering. – Tomalak Sep 01 '14 at 10:35
  • 1
    note that as of 27 May 2016, [WinGate](http://www.wingate.com) is free for 10 concurrently-connected users. Disclaimer, I work for Qbik who are the authors of WinGate. – Adrien Aug 05 '16 at 22:44

3 Answers3

12

Can't believe I forgot Squid: free, open source, runs on windows and supports NTLM authentication. There is a native windows port of squid available in binary.

Privoxy will also work and is free, but it doesn't support NTLM authentication.

JeffP
  • 759
  • 4
  • 8
  • 1
    Squid would be an option, but I fear it is too heavy-weight in terms of resource consumption and configuration/maintenance effort. Does it even run on a Windows box? – Tomalak Oct 20 '09 at 08:05
  • I added a link to the windows binary above. There would be some configuration effort, but I think the feature set can be whittled down to the point where it doesn't take too much runtime overhead. – JeffP Oct 20 '09 at 12:56
  • I use Squid on a mac, takes about 20MB of memory and not much processor. I don't notice the overhead. It's just me using it though with no cache. – Rich Bradshaw Oct 20 '09 at 12:59
  • Can Squid take anonymous requests and turn them into NTLM authenticated ones for the upstream proxy? I intend to use it to enable legacy applications through the corporate proxy server. – Tomalak Oct 20 '09 at 13:06
12

Guess I'm a bit late to the party, but you should check out cntlm. I believe it satisfies almost all your criteria.

Anand
  • 1,725
  • 2
  • 16
  • 24
  • Wow this one sure looks useful. I'll give it a try as soon as time permits. :-) – Tomalak Nov 04 '09 at 15:16
  • So. This one is pretty close. It suffers from a few issues, though. 1) It does not transparently authenticate the logged-on user, instead it relies on a hardcoded username/password combination in config file. 2) It does upstream *proxy* authentication only, it cannot authenticate against an IIS webserver. 3) It does not pass-through authenticated requests from NTLM-capable clients (if such a thing is even possible) – Tomalak Nov 11 '09 at 13:13
  • Apart from that it is pretty sweet. A light-weight proxy server that can run as a Windows service, is quite configurable and handles proxy authentication easily. Not *quite* what I was looking for, sadly. Especially I'm missing a rule engine that decides whether or not to use a proxy server for certain requests. – Tomalak Nov 11 '09 at 13:19
  • Maybe you should try downloading the source and add the rules engine ;) – Anand Nov 13 '09 at 08:53
  • I'm truly sorry for never accepting this answer in almost 13 years. I did not mean to - it has been an honest oversight. In fact, I'm still using cntlm to this day. – Tomalak Feb 24 '22 at 22:43
7

In the past when I needed a proxy to allow a screenscraping script to talk to corporate servers that require NTLM authentication, I downloaded NTLM Authorization Proxy Server and it worked very well. You can get version 0.9.9.6 here.

I don't believe that it runs in the system tray, however you could try using SRVANY to change it into a service.

The only other way that I know which might work is curl but I'm not sure if this can just function as a general proxy. Go to the curl man page and scroll down to --proxy-ntlm

Michael Dillon
  • 937
  • 1
  • 6
  • 11
  • Looks like we have a winner for the bonus karma. This is really interesting, I'll look into it today! – Tomalak Oct 20 '09 at 07:44
  • Does this support authentication of the client with the proxy, or just pass through NTLM to the 3rd party website? – JeffP Oct 20 '09 at 12:55
  • Hm... Too bad. a) It is a Python application, and will be no Python on the machines I intend to use it on, and b) it supports NTLM only if I put username/password in clear-text into the config. I thought of something that simply uses the current user's credentials. – Tomalak Oct 20 '09 at 13:01
  • @JeffP: It supports authenticating anonymous requests passing through it, even translates requests that have basic auth to NTLM. But only under the conditions I described above, which is a pity. – Tomalak Oct 20 '09 at 13:02