Squid proxy helper for validating bcrypt hashed passwords.
The helper is `src/basic_bcrypt_auth.py`.
A squid helper that allows squid to validate usernames and passwords it receives from basic authentication against bcrypt hashes.
- Run `docker compose up`.
- Set your http and https proxy to `http://myproxyuser:myproxypassword@127.0.0.1:3128` and browse to something like http://neverssl.com.
  - You should get through to the site you're attempting to browse to.
- Now set your http and https proxy to `http://127.0.0.1:3128` and try again.
  - You should get an HTTP 407 error.
- Check out `src/squid.conf`, especially this line:
  `auth_param basic program /usr/lib/squid/basic_bcrypt_auth.py /etc/squid/passwords`

The squid helper is opinionated.
- It assumes that you are creating your bcrypt hash via the `htpasswd` tool, which is often found throughout Squid proxy documentation for generating basic authentication credential files.
  - For example: `htpasswd -cbB -C 10 /etc/squid/passwords <username> <password>`
  - This creates a new password file, using bcrypt as the hashing algorithm, with a cost factor of 10.
- It loads your password file contents (usernames and hashes) into memory at the start of the program.
  - It assumes your underlying host is ephemeral.
  - Due to the ephemeral nature of the host, it assumes your credential file is generated as part of the host's bootstrap process.
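
The behaviour described above (load the htpasswd file once, then answer each of Squid's basic-auth requests) can be sketched as follows. This is an added example, not the contents of `src/basic_bcrypt_auth.py`; the function names are hypothetical, and it assumes the third-party `bcrypt` package and a Squid configuration without helper concurrency (no channel-ID prefix on request lines).

```python
import sys
from urllib.parse import unquote

# Prefixes that mark a bcrypt hash; htpasswd -B writes "$2y$".
BCRYPT_PREFIXES = ("$2y$", "$2b$", "$2a$")

def load_htpasswd(lines):
    """Parse htpasswd 'user:hash' lines, keeping only bcrypt entries."""
    creds = {}
    for raw in lines:
        line = raw.strip()
        if ":" not in line:
            continue  # blank or malformed line
        user, digest = line.split(":", 1)
        if digest.startswith(BCRYPT_PREFIXES):
            creds[user] = digest.encode()  # non-bcrypt schemes are ignored
    return creds

def bcrypt_verify(password, digest):
    """Default verifier (assumes the third-party 'bcrypt' package)."""
    import bcrypt
    try:
        return bcrypt.checkpw(password, digest)
    except ValueError:  # malformed hash, or a password the library rejects
        return False

def handle_request(line, creds, verify=bcrypt_verify):
    """Answer one Squid request line: 'user password', each URL-encoded."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 2:
        return "ERR"
    user, password = (unquote(p) for p in parts)
    digest = creds.get(user)
    if digest is None:
        return "ERR"  # unknown user, or user stored with a non-bcrypt hash
    return "OK" if verify(password.encode(), digest) else "ERR"

def main(path):
    with open(path, encoding="utf-8") as fh:
        creds = load_htpasswd(fh)  # read once at start-up, held in memory
    for line in sys.stdin:
        sys.stdout.write(handle_request(line, creds) + "\n")
        sys.stdout.flush()  # Squid blocks until it reads each reply

if __name__ == "__main__":
    main(sys.argv[1])
```

Because the file is read only at start-up in this sketch, a change to the password file takes effect only when the helper process is restarted, which fits the ephemeral-host assumption above.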