Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
proxying-agent
Advanced tools
This is a node http agent capable of forward proxying HTTP/HTTPS requests.
It supports the following:
The agent inherits directly from the http.Agent
Node object so it benefits from all
the socket handling goodies that come with it.
npm install proxying-agent
Returns a new agent configured correctly to proxy to the specified target.
options
- (string|object) proxy url string or object with the following options:
proxy
- Specifies the proxy url. The supported format is http[s]://[auth@]host:port
where auth
is the authentication information in the form of username:password
. The authentication information can also be
in the form of a Base64 encoded user:password
, e.g. http://dXNlcm5hbWU6cGFzc3dvcmQ=@proxy.example.com:8080
.
if the username for NTLM needs to be in the domain\username
format, specify domain%5Cusername
insteadtlsOptions
- TLS connection options to use when the target server protocol is https
. See http://nodejs.org/api/tls.html#tls_tls_connect_options_callback for a list of available optionsauthType
- Proxy authentication type. Possible values are basic
and ntlm
(default is basic
)ntlm
- (beta) applicable only if authType
is ntlm
. Supported fields:
domain
(required) - the NTLM domainworkstation
(optional) - the local machine hostname (os.hostname() is not specified)target
- the target url that the agent is to proxySet a global agent to forward all http and https requests through the specified proxy.
Make sure to call this method before invoking any other http request.
After globalize
is invoked, all http and https requests will automatically tunnel through the proxy.
options
- See create
method require('proxying-agent').globalize('http://proxy.example.com:8080');
var proxyingAgent = require('proxying-agent').create('http://proxy.example.com:8080', 'http://example.com');
var req = http.request({
host: 'example.com',
port: 80,
agent: proxyingAgent
});
var proxyingAgent = require('proxying-agent').create('http://proxy.example.com:8080', 'https://example.com');
var req = https.request({
host: 'example.com',
port: 443,
agent: proxyingAgent
});
var proxyingAgent = require('proxying-agent').create('http://username:password@proxy.example.com:8080', 'https://example.com');
var req = https.request({
host: 'example.com',
port: 443,
agent: proxyingAgent
});
When authenticating using NTLM it is important to delay sending the request data until the socket is assigned to the request. Failing to do so will result in the socket being prematurely closed, preventing the NTLM handshake from completing.
var proxyOptions = {
proxy: 'http://username:password@proxy.example.com:8080',
authType: 'ntlm',
ntlm: {
domain: 'MYDOMAIN'
}
};
var proxyingAgent = require('proxying-agent').create(proxyOptions, 'https://example.com');
var req = https.request({
host: 'example.com',
port: 443,
agent: proxyingAgent
});
req.on('socket', function(socket) {
req.write('DATA');
req.end();
});
Copyright 2016 Capriza. Code released under the MIT license
FAQs
Node HTTP/HTTPS Forward Proxy Agent
The npm package proxying-agent receives a total of 12,522 weekly downloads. As such, proxying-agent popularity was classified as popular.
We found that proxying-agent demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.