Composer HTTP Proxy Test

proxy-test.php

<?php                                                                                                                                                                                                              
error_reporting(E_ERROR);                                                                                                                                                                                            
@ini_set('display_errors', 'Off');                                                                                                                                                                                  

echo "Unencrypted HTTP ";                                                                                                                                                                                          
check('http://packagist.org/packages.json', false);                                                                                                                                                                

echo "\nEncrypted HTTPS ";                                                                                                                                                                                         
check('https://packagist.org/packages.json', true);                                                                                                                                                                
echo "\n";                                                                                                                                                                                                         

function check($url, $ssl) {                                                                                                                                                                                       
    foreach (array(false, true) as $fulluri) {                                                                                                                                                                     
        $httpRes = file_get_contents($url, false, createContext($url, $ssl, $fulluri));                                                                                                                            
        echo $fulluri ? 'FULL-' : 'PATH-';                                                                                                                                                                         
        echo strpos($httpRes, 'provider-includes') !== false ? 'OK ' : 'FAIL ';                                                                                                                                    
    }
}

function createContext($url, $ssl, $fulluri)
{
    $options = array('http' => array(
    ));

    if (PHP_SAPI === 'cli' && (!empty($_SERVER['HTTP_PROXY']) || !empty($_SERVER['http_proxy']))) {
        $proxy = parse_url(!empty($_SERVER['http_proxy']) ? $_SERVER['http_proxy'] : $_SERVER['HTTP_PROXY']);
        echo 'HTTP_PROXY ';
    }
    if (!empty($_SERVER['CGI_HTTP_PROXY'])) {
        $proxy = parse_url($_SERVER['CGI_HTTP_PROXY']);
        echo 'CGI_HTTP_PROXY ';
    }
    if (preg_match('{^https://}i', $url) && (!empty($_SERVER['HTTPS_PROXY']) || !empty($_SERVER['https_proxy']))) {
        $proxy = parse_url(!empty($_SERVER['https_proxy']) ? $_SERVER['https_proxy'] : $_SERVER['HTTPS_PROXY']);
        echo 'HTTPS_PROXY ';
    }
    if (!empty($_SERVER['NO_PROXY']) || !empty($_SERVER['no_proxy']) && parse_url($url, PHP_URL_HOST)) {
        echo 'NO_PROXY ';
    }
    if (!empty($proxy)) {
        $proxyURL = isset($proxy['scheme']) ? $proxy['scheme'] . '://' : '';
        $proxyURL .= isset($proxy['host']) ? $proxy['host'] : '';
        if (isset($proxy['port'])) {
            $proxyURL .= ":" . $proxy['port'];
        } elseif ('http://' == substr($proxyURL, 0, 7)) {
            $proxyURL .= ":80";
        } elseif ('https://' == substr($proxyURL, 0, 8)) {
            $proxyURL .= ":443";
        }
        $proxyURL = str_replace(array('http://', 'https://'), array('tcp://', 'ssl://'), $proxyURL);
        if (0 === strpos($proxyURL, 'ssl:') && !extension_loaded('openssl')) {
            throw new \RuntimeException('You must enable the openssl extension to use a proxy over https');
        }
        $options['http']['proxy'] = $proxyURL;
        $options['http']['request_fulluri'] = $fulluri;
        if ('https' === parse_url($url, PHP_URL_SCHEME)) {
            $options['ssl']['SNI_enabled'] = true;
            if (PHP_VERSION_ID < 50600) {
                $options['ssl']['SNI_server_name'] = parse_url($url, PHP_URL_HOST);
            }
        }
        if (isset($proxy['user'])) {
            $auth = urldecode($proxy['user']);
            if (isset($proxy['pass'])) {
                $auth .= ':' . urldecode($proxy['pass']);
            }
            $auth = base64_encode($auth);

            $options['http']['header'] = array("Proxy-Authorization: Basic {$auth}");
        }
    }
    $options['http']['header'][] = 'User-Agent: Proxy-Test';
    uasort($options['http']['header'], function ($el) {
        return preg_match('{^content-type}i', $el) ? 1 : -1;
    });

    return stream_context_create($options);
}

Unencrypted HTTP PATH-OK FULL-OK 
Encrypted HTTPS PATH-OK FULL-OK 

Unencrypted HTTP PATH-FAIL FULL-OK
Encrypted HTTPS PATH-OK FULL-OK

Unencrypted HTTP HTTP_PROXY PATH-FAIL HTTP_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY FULL-OK

Unencrypted HTTP HTTP_PROXY NO_PROXY PATH-FAIL HTTP_PROXY NO_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY NO_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY NO_PROXY FULL-OK

Unencrypted HTTP HTTP_PROXY NO_PROXY PATH-FAIL HTTP_PROXY NO_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY NO_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY NO_PROXY FULL-OK

Received this elsewhere:

Unencrypted HTTP HTTP_PROXY PATH-OK HTTP_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY FULL-FAIL

Unencrypted HTTP PATH-OK FULL-OK Encrypted HTTPS PATH-OK FULL-OK

Unencrypted HTTP PATH-FAIL FULL-FAIL Encrypted HTTPS PATH-OK FULL-OK

Unencrypted HTTP PATH-OK FULL-OK Encrypted HTTPS PATH-OK FULL-OK

at my customer, when using cntlm:

Unencrypted HTTP HTTP_PROXY NO_PROXY PATH-FAIL HTTP_PROXY NO_PROXY FULL-OK 
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY NO_PROXY PATH-FAIL HTTP_PROXY HTTPS_PROXY NO_PROXY FULL-FAIL 

If I add a tinyproxy in front, and always configure it to add the Connection: keep-alive header, I get this result:

Unencrypted HTTP HTTP_PROXY NO_PROXY PATH-OK HTTP_PROXY NO_PROXY FULL-OK 
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY NO_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY NO_PROXY FULL-OK

On centos7.6.1810

I am trying to build a tool as a non-interactive user via sudo without success and it led me to this test. Most other build tools and components seem to grab my proxy settings or allow me to specify them via the direct command line as an option. I haven't cracked Composer though.

variables

$SUDO_WWW = sudo -H -u apache
$RUN_PHP = /usr/bin/scl enable rh-php72

With proxy set for normaluser in .bash_profile, .gitconfig, .curlrc

[normaluser@mybox somedir]$ $RUN_PHP "php proxy-test.php"
Unencrypted HTTP HTTP_PROXY PATH-OK HTTP_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY PATH-FAIL HTTP_PROXY HTTPS_PROXY FULL-FAIL

With proxy set for builduser in .gitconfig, .curlrc

[builduser@mybox somedir]$ $SUDO_WWW $RUN_PHP "php proxy-test.php"
[sudo] password for builduser:
Unencrypted HTTP PATH-FAIL FULL-FAIL
Encrypted HTTPS PATH-FAIL FULL-FAIL

Unencrypted HTTP PATH-FAIL FULL-FAIL Encrypted HTTPS PATH-FAIL FULL-FAIL

Unencrypted HTTP PATH-FAIL FULL-FAIL
Encrypted HTTPS PATH-FAIL FULL-FAIL

@tlay never saw this, but if still relevant, as per your output the HTTP_PROXY/HTTPS_PROXY env vars are not actually set for builduser at all, so no way for Composer to use them.

@juank537 @juliocapuano you do not seem to have any HTTP_PROXY/HTTPS_PROXY environment variables set up, so no proxy can be used.

Unencrypted HTTP HTTP_PROXY PATH-FAIL HTTP_PROXY FULL-OK
Encrypted HTTPS HTTP_PROXY HTTPS_PROXY PATH-OK HTTP_PROXY HTTPS_PROXY FULL-OK

Thank you for your reply. I was trying to get an OSINT capability going for us, but got retasked. It did push me in a direction, which has improved our general intel communication at my organization.

…

-Tony

On Thu, Dec 5, 2019, 7:18 AM Nils Adermann ***@***.***> wrote: @tlay <https://github.com/tlay> never saw this, but if still relevant, as per your output the HTTP_PROXY/HTTPS_PROXY env vars are not actually set for builduser at all, so no way for Composer to use them. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://gist.github.com/377e40c1c76e0fe8b905c1a333c4112a?email_source=notifications&email_token=AA2CW7PRJWJBHFVICKS7KNLQXDWRFA5CNFSM4HYMM4W2YY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAF5KRE#gistcomment-3101970>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA2CW7L7RLECJWOIE55ZIQDQXDWRFANCNFSM4HYMM4WQ> .

Unencrypted HTTP PATH-FAIL FULL-FAIL
Encrypted HTTPS PATH-OK FULL-OK

For me only :
Unencrypted HTTP PATH-FAIL

Unencrypted HTTP PATH-OK FULL-OK
Encrypted HTTPS PATH-FAIL FULL-FAIL