Winfoom is an HTTP(s) proxy server facade that allows applications to authenticate through the proxy without having to deal with the actual handshake.

Overview

winfoom

License Total downloads Latest downloads Release Java CI with Maven

Basic Proxy Facade for NTLM, Kerberos, SOCKS and Proxy Auto Config file proxies

To help this project please give it a star

Overview

Winfoom is an HTTP(s) proxy server facade that allows applications to authenticate through the following proxies:

  • NTLM or Kerberos HTTP authenticated proxy (Kerberos is supported only on Windows systems)
  • SOCKS version 4 or 5, with or without authentication
  • Proxy Auto Config files - including Mozilla Firefox extension that is not part of original Netscape specification

typically used in corporate environments, without having to deal with the actual handshake.

A lot of software applications have problems when dealing with an authenticated proxy server's protocol. Winfoom sits between the corporate proxy and applications and offloads the authentication and the proxy's protocol, acting as a facade. This way, the software application will only have to deal with a basic proxy with no authentication.

An example of such a facade for NTLM proxies is CNTLM

Getting Started

Download Winfoom

Download prepackaged

To try out Winfoom without needing to download the source and package it, check out the releases for a prepackaged winfoom-*.zip. Winfoom is a Java application and requires a Java Runtime Environment (at least v11).

If it is not already installed on your system, you can download it from AdoptOpenJDK or, on Linux systems, use your package manager.

If, for certain reasons, you do not want to install Java globally on your system then download the JRE archive according to your system architecture, unzip it in the Winfoom directory and rename it to jdk.

Build from source code

If you decide to build the executable jar file from the source code, you would need these prerequisites:

  • Java JDK 11(+)
  • Maven 3.x version (optional)

First download the source code from releases and unzip it.

Then open a terminal and execute this command inside the winfoom-x.x.x directory:

 mvn clean package

or, if you did not install Maven, use the Maven Wrapper:

 .\mvnw clean package

Now you should have the generated executable jar file under the target directory and the two release archives: one for Windows, the other for Linux/MacOS.

Run Winfoom

The prepackaged winfoom-windows.zip for Windows systems, contains the following executable files:

  • launch.bat launches the application
  • launchGui.bat launches the application in graphical mode
  • foomcli.bat manages the application in GUI-less mode

The prepackaged winfoom-unix.zip for Linux/MacOS systems, contains the following executable files:

  • launch.sh launches the application (needs to be made executable)
  • foomcli.sh manages the application in GUI-less mode (needs to be made executable)

On Windows systems, Winfoom can be launched by double-click on launchGui.bat or from the command prompt:

launch

or, to run it in debug mode:

launch --debug

or, to run it in the graphical mode:

launch --gui

On Linux/MacOS systems, there is no graphical mode available. Make sure the *.sh files are executable. To run Winfoom, execute in a terminal:

./launch.sh

or, to run it in debug mode:

./launch.sh --debug

Winfoom can be launched with modified Java and system parameters by defining the environment variable FOOM_ARGS. For example:

FOOM_ARGS=-Dsocket.soTimeout=10 -Dconnection.request.timeout=60

👉 Note: It's a good idea to add the Winfoom's home directory to the PATH environment variable.

Winfoom's logs

The application log file is placed under out/logs directory.

Configuration

User settings

The graphical mode (Windows only)

Winfoom has a graphical user interface that allows configuration.

The first thing to select is the proxy type:

  1. HTTP - if the upstream proxy is NTLM or any other HTTP proxy
  2. SOCKS4 - if the upstream proxy is SOCKS version 4
  3. SOCKS5 - if the upstream proxy is SOCKS version 5
  4. PAC - if the proxy is using a Proxy Auto Config file
  5. DIRECT - no proxy, used for various testing environments

Then fill in the required fields. You can use the field's tooltip to get more information.

To put the application in autostart mode or autodetect mode see the Settings menu.

The command line mode (all systems)

If you run the application in non-graphical mode, Winfoom exposes an API accessible over HTTP on a local port (default 9999, configurable), that allows configuration and management.

The script foomcli provides easy access to this API.

👉 Note: The foomcli script requires curl. The current version of WIndows 10 provides it by default. You can check if it is available by executing curl --version in your terminal. If you see something like command not found then you need to manually install it.

To get help about the usage execute:

foomcli --help (on Linux/MacOS is ./foomcli.sh --help)

👉 Note: You can move the script foomcli whatever location you want. It is not required to be in the Winfoom's directory.

Examples

After launching Winfoom, check the status of the local proxy facade:

foomcli status

If the local proxy is stopped, you cat start it with:

foomcli start

but before that, you need to configure it. Execute:

foomcli config

to get the current configuration. You'll get something like:

{
"proxyType" : "DIRECT",
"localPort" : 3129,
"proxyTestUrl" : "https://example.com"
}

The output is in JSON format. The name of the fields is self-descriptive. Suppose you want to configure Winfoom for an HTTP proxy. First, change the proxy type to HTTP with:

foomcli config -t http

Then, executing foomcli config again, the output is something like:

{
  "proxyType" : "HTTP",
  "proxyHost" : "",
  "proxyPort" : 0,
  "localPort" : 3129,
  "proxyTestUrl" : "http://example.com",
  "useCurrentCredentials" : true
}

The field useCurrentCredentials only appears on Windows. When the value is true, it means Winfoom will use the current user's credentials also will automatically handle the upstream proxy protocol; otherwise, you will have to provide the user and password (or DOMAIN\user and password).

To change the above values, copy the content of the output into a text file named, let's say, http_config.json in the same directory, and edit the field's values accordingly:

{
"proxyType" : "HTTP",
"proxyHost" : "192.168.0.105",
"proxyPort" : 80,
"localPort" : 3129,
"proxyTestUrl" : "http://example.com"
}

To load the new values, execute:

foomcli config -f http_config.json

and check the new configuration with foomcli config to be sure everything is as expected.

Now you can start the local proxy facade with foomcli start. At this moment you should be able to use Winfoom as a proxy facade in your browser.

On Windows, if you want to provide your own credentials, change the useCurrentCredentials value to false by editing http_config.json file like this:

{
"proxyType" : "HTTP",
"useCurrentCredentials" : false
}

Execute foomcli config -f http_config.json again, then foomcli config to see the result:

{
  "proxyType" : "HTTP",
  "proxyHost" : "192.168.0.105",
  "proxyPort" : 80,
  "proxyUsername" : null,
  "proxyPassword" : null,
  "localPort" : 3129,
  "proxyTestUrl" : "http://example.com",
  "useCurrentCredentials" : false,
  "httpAuthProtocol" : null
}

Edit the http_config.json file again to fill in the required fields:

{
  "proxyType" : "HTTP",
  "proxyUsername" : "user",
  "proxyPassword" : "password",
  "httpAuthProtocol" : "NTLM"
}

Execute foomcli config -f http_config.json again and start the local proxy server.

If you want to shut down Winfoom execute foomcli shutdown


On Linux/MacOS or Windows with useCurrentCredentials=false, if the proxy type is HTTP you need to set the httpAuthProtocol field, which is the proxy protocol: one of NTLM, BASIC values.

If the proxy type is PAC, then the output of the foomcli config command would be like:

{
  "proxyType" : "PAC",
  "proxyUsername" : "DOMAIN\\winfoom",
  "proxyPassword" : "***",
  "proxyPacFileLocation" : "C:\\path_to\\proxy-ntlm-auth.pac",
  "blacklistTimeout" : 30,
  "localPort" : 3129,
  "proxyTestUrl" : "https://example.com",
  "pacHttpAuthProtocol" : "NTLM"
}

The possible values of pacHttpAuthProtocol field are: NTLM, BASIC. You need to set this field only when the PAC file points to at least one upstream HTTP proxy.


To put Winfoom in autostart mode first execute:

foomcli settings

The output would be something like:

{
"autostart" : false,
"autodetect" : false,
"appVersion" : "3.0.1",
"apiPort" : 9999
}

Copy the output into a file named, let's say, settings.json and modify accordingly:

{
"autostart" : true
}

Since we only modify the autostart option, the other fields are dropped off.

To load the new values, execute:

foomcli settings -f settings.json

then check the new settings with foomcli settings

👉 Note: If you modify the apiPort then you need to set the variable FOOM_LOCATION. (For example FOOM_LOCATION=localhost:[your new port])

👉 WARNING: All the provided passwords are stored encoded BASE64 without any encryption. Make sure you protect the access to the config directory!

System settings

The system settings configuration file is config/system.properties.

Please do not modify this file unless absolutely necessary. It is advisable to post your issue in Issues Section first.

The available settings:

Key Description Type Default value
maxConnections.perRoute Connection pool property: max polled connections per route Integer 20
maxConnections Connection pool property: max polled connections Integer 600
internalBuffer.length The max size of the entity buffer (bytes) Integer 102400
connectionManager.clean.interval The frequency of running purge idle on the connection manager pool (seconds) Integer 30
connectionManager.idleTimeout The connections idle timeout, to be purged by a scheduled task (seconds) Integer 30
serverSocket.backlog The maximum number of pending connections Integer 1000
socket.soTimeout The timeout for read/write through socket channel (seconds) Integer 60
socket.connectTimeout The timeout for socket connect (seconds) Integer 20
pacScriptEngine.pool.maxTotal The pacScriptEngine pool maximum total instances Integer 100
pacScriptEngine.pool.minIdle The pacScriptEngine pool min idle instances Integer 20
connection.request.timeout The timeout for request connection (seconds) Integer 30
apiServer.request.timeout The timeout for API commands (seconds) Integer 10

Authentication

  • For HTTP proxy type, Winfoom uses the current Windows user credentials to authenticate to the upstream proxy, unless you uncheck the Use system credentials checkbox. On Linux/MacOS or on Windows with Use system credentials unchecked you need to provide the user and password (or DOMAIN\user and password if the DOMAIN is required)
  • For SOCKS5 proxy type, the user/password need to be provided when required.
  • For PAC proxy type, starting with v3.4.0, there is some support for authentication (still, keep in mind that the PAC protocol does not support authentication) when:
    1. All upstream proxy servers accept the same credentials.
    2. On Windows, if the proxyUsername field is empty, the current user's credentials are used for authentication.
    3. On Unix based systems, if the proxyUsername field is empty the authentication is disabled.
    4. On all systems, when the proxyUsername field is not empty, the provided proxyUsername/proxyPassword are used for authentication. If at least one of the upstream proxy servers is of HTTP type, the field pacHttpAuthProtocol needs to be provided.

Error codes

Starting with v2.6.0 Winfoom gives back the following HTTP error codes when there is no response from the upstream proxy for various reasons:

Proxy type HTTP error code When
ALL 502 The upstream proxy is not available
SOCKS/DIRECT 504 The giving address is not reachable
PAC 502 All upstream proxies are blacklisted
ALL 500 Any other error

Test

To test it, open a browser, let's say Firefox and configure proxy like this:

firefox

Now you should be able to access any URL without Firefox asking for credentials.

If you don't have an available proxy, you still can test Winfoom by installing WinGate and configure it to act as a NTML proxy.

TODOs

  • Proper unit testing

Coding Guidance

Please review these docs below about coding practices.

Feedback

Any feedback or suggestions are welcome. It is hosted with an Apache 2.0 license so issues, forks and PRs are most appreciated.

Comments
  • Multiple HTTP calls fail on the same connection

    Multiple HTTP calls fail on the same connection

    Thank you for this excellent piece of software. It is very helpful to authenticate my Java REST client to an IIS server requiring NTLM authentication.

    Bug description When putting multiple requests on the same HTTP connection my HTTP REST client ends up with an IOException. My HTTP REST client is using Apache HTTP Client as well, and using WinFoom as a Proxy Server to handle NTLM authentication to a IIS Web Server. Therefore I'm using the HTTP proxy mode:

    { "proxyType" : "HTTP", "proxyHost" : "172.16.1.10", "proxyPort" : 8020, "proxyUsername" : "web-user", "proxyPassword" : "*******", "localPort" : 3129, "proxyTestUrl" : "http://example.com", "httpAuthProtocol" : "NTLM" }

    my HTTP REST client is also using a shared connection manager with a PoolingHttpClientConnectionManager. What I see is that the initial request is from my REST client is working fine, but the subsequent request on the same connection fails with an IOException. When doing the second request I noticed that WinFoom has already closed the socket, without informing the requester (my REST client)

    I.e. Im doing a HTTP GET followed by a HTTP POST on the samen connection. When running WinFoom in debug mode I clearly see that he socket is already closed, after the first HTTP GET. I suspect that the socket is closed without informing my REST client, so therefore it assumes the HTTP connection is still open.

    To Reproduce Steps to reproduce the behaviour:

    1. Make subsequent HTTP calls on the same connection
    2. The first call succeeds, the second one fails

    Log

    08-04-2022 14:27:58.859 [pool-1-thread-2] DEBUG o.a.h.impl.execchain.MainClientExec.execute - Executing request GET http://iis-webserver.local.domain:8020/services/Exact.Entity.REST.EG/Resource?$top=1&$filter=ID%20eq%2012570&$select=ID HTTP/1.1
    08-04-2022 14:27:58.859 [pool-1-thread-2] DEBUG o.a.h.impl.execchain.MainClientExec.execute - Target auth state: HANDSHAKE
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG o.a.h.impl.execchain.MainClientExec.execute - Proxy auth state: UNCHALLENGED
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> GET http://iis-webserver.local.domain:8020/services/Exact.Entity.REST.EG/Resource?$top=1&$filter=ID%20eq%2012570&$select=ID HTTP/1.1
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Accept: application/json
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> ServerName: sqldb.local.domain
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> DatabaseName: 123
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Cache-Control: no-store, no-cache
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Content-Type: application/json; charset=utf-8
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Host: iis-webserver.local.domain:8020
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Proxy-Connection: Keep-Alive
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> User-Agent: Apache-HttpClient/4.4.1 (Java/1.8.0_292)
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Accept-Encoding: gzip,deflate
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Via: 1.1 winfoom
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.headers.onRequestSubmitted - http-outgoing-24 >> Authorization: NTLM **********************
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "GET http://iis-webserver.local.domain:8020/services/Exact.Entity.REST.EG/Resource?$top=1&$filter=ID%20eq%2012570&$select=ID HTTP/1.1[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Accept: application/json[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "ServerName: sqldb.local.domain[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "DatabaseName: 123[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Cache-Control: no-store, no-cache[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Content-Type: application/json; charset=utf-8[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Host: iis-webserver.local.domain:8020[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Proxy-Connection: Keep-Alive[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "User-Agent: Apache-HttpClient/4.4.1 (Java/1.8.0_292)[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Via: 1.1 winfoom[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "Authorization: NTLM **********************=[\r][\n]"
    08-04-2022 14:27:58.860 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 >> "[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "HTTP/1.1 200 OK[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Cache-Control: no-cache[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Content-Length: 20[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Content-Type: application/json;odata=verbose;charset=utf-8[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Server: Microsoft-HTTPAPI/2.0[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "X-Content-Type-Options: nosniff[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "DataServiceVersion: 2.0;[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "Date: Fri, 08 Apr 2022 12:27:58 GMT[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "[\r][\n]"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.wire.wire - http-outgoing-24 << "{"d":{"results":[]}}"
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << HTTP/1.1 200 OK
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Cache-Control: no-cache
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Content-Length: 20
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Content-Type: application/json;odata=verbose;charset=utf-8
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Server: Microsoft-HTTPAPI/2.0
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << X-Content-Type-Options: nosniff
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << DataServiceVersion: 2.0;
    08-04-2022 14:27:59.392 [pool-1-thread-2] DEBUG org.apache.http.headers.onResponseReceived - http-outgoing-24 << Date: Fri, 08 Apr 2022 12:27:58 GMT
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.h.impl.execchain.MainClientExec.execute - Connection can be kept alive indefinitely
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.http.impl.auth.HttpAuthenticator.isAuthenticationRequested - Authentication succeeded
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write status line: HTTP/1.1 200 OK
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Cache-Control: no-cache
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Content-Length: 20
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Content-Type: application/json;odata=verbose;charset=utf-8
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Server: Microsoft-HTTPAPI/2.0
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: X-Content-Type-Options: nosniff
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: DataServiceVersion: 2.0;
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Write response header: Date: Fri, 08 Apr 2022 12:27:58 GMT
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - Start writing entity content
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager.releaseConnection - Connection [id: 24][route: {}->http://172.16.1.10:8020->http://iis-webserver.local.domain:8020][state: web-user] can be kept alive indefinitely
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.h.i.c.DefaultManagedHttpClientConnection.setSocketTimeout - http-outgoing-24: set socket timeout to 0
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager.releaseConnection - Connection released: [id: 24][route: {}->http://172.16.1.10:8020->http://iis-webserver.local.domain:8020][state: web-user][total available: 2; route allocated: 2 of 20; total allocated: 2 of 600]
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.p.p.NonConnectClientConnectionProcessor.handleRequest - End writing entity content
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG o.k.w.proxy.ClientConnectionHandler.handleConnection - Done handling request: GET http://iis-webserver.local.domain:8020/services/Exact.Entity.REST.EG/Resource?$top=1&$filter=ID%20eq%2012570&$select=ID HTTP/1.1
    08-04-2022 14:27:59.393 [pool-1-thread-2] DEBUG org.kpax.winfoom.util.InputOutputs.close - Close socket
    08-04-2022 14:28:26.411 [scheduling-1] DEBUG o.k.w.proxy.ConnectionPoolingManager.cleanUpConnectionManager - Execute connection manager pool clean up task
    

    Notice that no logging is being done for the HTTP POST as the socket is closed, without informing the client.

    Context information:

    • WinFoom 4.0.2
    • JDK Temurin-17.0.2+8
    • REST client is using Apache HTTP 4.4.1 client with connections sharing enabled through a connection pool.
    bug status:fixed 
    opened by sveldhuisen 14
  • Validation failed with status code 500

    Validation failed with status code 500

    Bug description Hi, I just found this project and wanted to try it out. Sadly i was not able to connect to the internet. I get this Error Message if I use the Test Button

    Validation failed with status code 500 reason: Proxy Auto Config javascript file: content not acceptable

    We use an PAC file. With PX Proxy everything working fine out of the box, no config necessary.

    To Reproduce Steps to reproduce the behavior:

    1. Start winfoom in GUI Mode
    2. Click autodetect
    3. Click start
    4. Click test

    Expected behavior Success message.

    Log I can't attach the log because it contains the full pac file and I don't think I'm allowed to share that.

    Screenshots Screenshot 2021-12-15 101029

    Context information:

    • Application version v4.0.0
    • JRE version: adoptopenjdk 11.0.12-7

    Additional context none

    bug status:fixed 
    opened by mnisius 9
  • * Add local address and api address

    * Add local address and api address

    Hi Eugen,

    In the light of Open Source software, I thought it would be good to give something back to this project.

    Winfoom's listeners are currently binding on all available addresses. This can be a security issue, as the proxy can be open to the entire network.

    This is not a problem for normal proxy usage. However, when Winfoom is used to access a protected API on an IIS server, the rest of the world is not allowed to do so.

    So I have enhanced Winfoom to make the socket listener configurable so that it can be made available only on localhost, for example.

    I have also made the API address configurable, so that it can be shielded from the rest of the network as well.

    I hope you appreciate my contribution. I'm not a Java guru myself, but I think the enhancement works fine.

    opened by sveldhuisen 3
  • encode() not working for a JSON settings file

    encode() not working for a JSON settings file

    Bug description When using WinFoom on Linux I am using a JSON file for my settings. When I use "encode(....)" within that JSON file it is not being interpreted. The literal "encode(....)" ends up as the effective password, instead of the base64 decoded value within the "encode()" tag.

    To Reproduce Steps to reproduce the behavior:

    1. Just make a JSON setting file with the encode() tag for the password.

    Expected behavior I would expect that the System init would decode the provided value, just like with using a properties file

    opened by sveldhuisen 2
  • Fix Log4shell Zero-Day exploit vulnerabilities

    Fix Log4shell Zero-Day exploit vulnerabilities

    Bug description The latest Winfoom release contains dependencies that make Winfoom probably vulnerable against log4Shell/CVE-2021-44228.

    As you can see in the Logback news, Logback provided a security fix along version 1.2.9, but Winfoom uses version 1.2.5. log4shell

    Log4j-API 2.14.1 is also vulnerable against log4Shell, see Apache Log4j Security Vulnerabilities for more details. I recommend to use Log4j-API 2.17.2 .

    Current dependencies found in Windfoom 4.0.1: winfoom

    enhancement status:fixed 
    opened by hgschwibbe 2
  • Update log4j to new version

    Update log4j to new version

    Hi,

    I wanted to test winfoom but recognized, that the prepackaged release 4.0.1 contains log4j 2.14.1. Is there any chance to upgrade this library easily and release a new version?

    Greetings, Peter

    opened by onlygecko 2
  • Support

    Support "Automatic proxy detection" under windows

    Feature request's description We are in a situation, where we constantly switch between beeíng connected to a corporate VPN and not beeing connected to it.

    Our windows proxy setting is always set to automatic detection.

    While we are connected to the corporate VPN, windows manages to identify that it should use the PAC file and configures the proxy based upon it.

    However when we leave the VPN, windows sees, that there is no longer a PAC available and uses a DIRECT connection.

    This setup seems to be not supported by winfoom directly right now. I can obviously change between PAC and DIRECT manually whenever I connect / disconnect the VPN, but thats not a good workflow.

    The solution Winfoom simply uses the proxy which windows would also use

    Alternatives Not sure how easy the windows proxy can be checked. An alternative could be to simply check the existance of the wpad file in regular timeframes (ideally every few seconds) and if it's not there, simply fallback to DIRECT.

    Does this request make sense? Should it be supported already and I'm doing something wrong?

    opened by pfeigl 2
Releases(v4.0.3)
Owner
Eugen Covaci
Java programmer since 2005
Eugen Covaci
A hybrid chat android application based on the features of Instagram and Whatsapp having UI just as Telegram.

GupShup About App It is a free online chat android application, enabling user to create a free user account and then log in using the credentials. Aft

Ratik Tiwari 1 May 22, 2022
Customize your device even more by having two separate sets of wallpapers for light and dark mode.

DualWallpaper You can help me out with translations here. Customize your device even more by having two separate sets of wallpapers for light and dark

Yann 18 Dec 25, 2022
A Velocity proxy plugin for Minecraft server discovery in k8s. All discovered servers are automatically added to the Velocity proxy.

kryo-server-discovery This plugin connects minecraft servers to a velocity proxy within Kubernetes. The service account in the namespace which the pro

Kryonite 9 Sep 13, 2022
The application consists of a web page with a list of some movies. The page allows user interaction through ratings of movies listed in the web app.

DSMovie About the project https://matheus-maia-alvarez-dsmovie.netlify.app/ DSMovie is a full stack web and mobile application built during the Spring

Matheus Maia Alvarez 6 Jul 21, 2022
QuickShop is a shop plugin that allows players to easily sell/buy any items from a chest without any commands.

QuickShop is a shop plugin that allows players to easily sell/buy any items from a chest without any commands. In fact, none of the commands that QuickShop provides are ever needed by a player.

Ghost_chu 24 Dec 30, 2022
a proxy for http & https ,write by java,no dependences for other tech

申明 本项目只是作者记录和分享Java网络编程学习心得,请勿用于非法用途,否则后果自负! 原理介绍博客: https://blog.csdn.net/wang382758656/article/details/123098032 https://juejin.cn/post/706921880022

Sand 58 May 3, 2022
Tuya 37 Dec 26, 2022
httpx - CLI to test HTTP/gRPC/RSocket/Kafka... services by HTTP DSL

httpx: CLI for run http file httpx is a CLI to execute requests from JetBrains Http File. Request types supported by httpx HTTP REST PUB/SUB - Apache

servicex-sh 105 Dec 15, 2022
💡极致性能的企业级Java服务器框架,RPC,游戏服务器框架,web应用服务器框架。(Extreme fast enterprise Java server framework, can be RPC, game server framework, web server framework.)

?? 为性能而生的万能服务器框架 ?? Ⅰ. zfoo简介 ?? 性能炸裂,天生异步,Actor设计思想,无锁化设计,基于Spring的MVC式用法的万能RPC框架 极致序列化,原生集成的目前二进制序列化和反序列化速度最快的 zfoo protocol 作为网络通讯协议 高可拓展性,单台服务器部署,

null 1k Jan 1, 2023
LimboAuth - Minecraft Auth System for Velocity proxy built in virtual server (Limbo).

LimboAuth Auth System built in virtual server (Limbo). MC-Market SpigotMC.org Описание и обсуждение на русском языке (spigotmc.ru) Описание и обсужден

Elytrium 89 Jan 4, 2023
A generic proxy server for applying access-control policies for a FHIR-store.

FHIR Access Proxy This is a simple access-control proxy that sits in front of a FHIR store (e.g., a HAPI FHIR server, GCP FHIR store, etc.) and contro

Google 17 Jan 5, 2023
This is a Velocity plugin that makes it possible to host a modern forge server behind a Velocity proxy!

Ambassador This is a Velocity plugin that makes it possible to host a modern forge server behind a Velocity proxy! Unlike other solutions, this plugin

Adrian Bergqvist 31 Dec 28, 2022
Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...

Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a vulnerable JDK, for instance JDK 1.8.0_181 Usage Malicious server The malicious server deploy

Manuel Álvarez Álvarez 5 Feb 7, 2022
Xerath - 🔪 AOP development framework implemented through *Annotation + ASM + Gradle Transform API* for Android🤖

简体中文 | English | Xerath Xerath 是一个通过 [自定义注解]+ASM + Gradle Transform API 实现的一套功能强大,方便开发,并且能够有效减少重复代码的Android Aop 框架。 旨在编译器进行全局性的修改,来完成一些诸如方法耗时统计,异常收集,拦

Pumpkin 325 Nov 22, 2022
DM Movie is an app with several movies catalogued through a database, you enter your email and your rating of the movie

DM Movie is an app with several movies catalogued through a database, you enter your email and your rating of the movie

Davi M. G. de Almeida 5 Jan 28, 2022
ijrd - internal java runtime debugger (loads through java agents LOL)

ijrd ijrd - internal java runtime debugger (loads through java agents LOL) this actually requires brain to build and then setup little guide to setup

null 6 Jan 28, 2022
Project developed in Block 1 through the Generation bootcamp

PROJETO JAVA - CCHIV COMBATE CONTRA O HIV COMO SURGIU ? É um software criado para facilitar a forma de atender o público de pessoas portadoras do HIV

Paulo Brisola 4 Jul 5, 2022
A custom minimap that displays resources all around you while you adventure through Aeternum!

New-World-MiniMap A custom minimap that displays resources all around you while you adventure through Aeternum! Download Download Page Minimap.rar Oth

Mal Ball 7 Dec 9, 2021
Service that will swap rbtc for btc and then initiated a loopin through lnd-loop

Code https://github.com/grmkris/marduk-admin-frontend https://github.com/grmkris/marduk-admin-backend RSK balances https://wiki.sovryn.app/en/technica

Kris 2 Dec 31, 2021