php，CURLAUTH_NTLM和身份驗證不適用於NTLM代理

Question

我正在嘗試通過公司NTLM代理服務器從Windows 7上的php腳本使用Internet。 目標是通過php解析外部網頁。

在Internet上漫長的挖掘之后，我嘗試了幾種無效的解決方案，例如那些（以及很多變體）：

$PROXY_HOST = "10.10.20.30"; // Proxy server address
$PROXY_PORT = "8080";    // Proxy server port
$PROXY_USER = "myuser";    // Username
$PROXY_PASS = "mypass";   // Password

$auth = base64_encode("$PROXY_USER:$PROXY_PASS");
stream_context_set_default(
 array(
  'http' => array(
   'proxy' => "tcp://$PROXY_HOST:$PROXY_PORT",
   'request_fulluri' => true,
   'header' => "Proxy-Authorization: Basic $auth"
  )
 )
);

還是這個

$proxy = "10.10.20.30:8080";
$useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
$url = "https://www.google.com";
$credentials = "myuser:mypass";

$ch = curl_init();
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,15);
curl_setopt($ch, CURLOPT_HTTP_VERSION,'CURL_HTTP_VERSION_1_1' );
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_PROXYUSERPWD,$credentials);
curl_setopt($ch, CURLOPT_USERAGENT,$useragent);
curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);
$result=curl_exec ($ch);
curl_close ($ch);

echo 'RES: '.$result;

Firefox（Chrome，IE）可以很好地處理NTLM，但我不知道如何在php中實現。

基本上，我假設我應該模擬瀏覽器的功能：-發出http請求-隨機獲得-使用我的憑據制作MD4（5）-等等

為什么在我的情況下CURLAUTH_NTLM無法正常工作？ 我可以繞過php函數並使用某些Windows本機（但存在嗎？）來獲取網址並通過此方法獲取文本？

提前致謝，

編輯＃1

這是我的CURL設置

編輯＃2

這是FF網絡分析

編輯＃3

嗯...我將PHP版本升級到最新的7.2.3（而不是5.5.12），並且幾乎開始使用NIGHTMARE代理服務器了：）

*   Trying 10.10.10.10...
* TCP_NODELAY set
* Connected to 10.10.10.10 (10.10.10.10) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using NTLM with user 'myuser'
> CONNECT google.com:443 HTTP/1.1
Host: google.com:443
Proxy-Authorization: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
==
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
< Proxy-Connection: keep-alive
< Content-Length: 0
<
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using NTLM with user 'myuser'
> CONNECT google.com:443 HTTP/1.1
Host: google.com:443
Proxy-Authorization: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Proxy-Connection: Keep-Alive

< HTTP/1.0 200 Connection established
< Via: HTTP/1.1 proxy10505
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering http/1.1
* CONNECT phase completed!
* CONNECT phase completed!
* error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
* stopped the pause stream!
* Closing connection 0

ERR: error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
Array
(
    [url] => https://google.com/
    [content_type] =>
    [http_code] => 0
    [header_size] => 231
    [request_size] => 562
    [filetime] => -1
    [ssl_verify_result] => 1
    [redirect_count] => 0
    [total_time] => 0.375
    [namelookup_time] => 1.0E-6
    [connect_time] => 0.094
    [pretransfer_time] => 0
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => -1
    [upload_content_length] => -1
    [starttransfer_time] => 0
    [redirect_time] => 0
    [redirect_url] =>
    [primary_ip] => 10.10.10.10
    [certinfo] => Array
        (
        )

    [primary_port] => 8080
    [local_ip] => 10.10.10.10
    [local_port] => 49902
)

CURL版本是

OUT: Array
(
    [version_number] => 473344
    [age] => 4
    [features] => 2428829
    [ssl_version_number] => 0
    [version] => 7.57.0
    [host] => i386-pc-win32
    [ssl_version] => OpenSSL/1.1.0g
    [libz_version] => 1.2.11
    [protocols] => Array
        (
            [0] => dict
            [1] => file
            [2] => ftp
            [3] => ftps
            [4] => gopher
            [5] => http
            [6] => https
            [7] => imap
            [8] => imaps
            [9] => ldap
            [10] => pop3
            [11] => pop3s
            [12] => rtsp
            [13] => scp
            [14] => sftp
            [15] => smb
            [16] => smbs
            [17] => smtp
            [18] => smtps
            [19] => telnet
            [20] => tftp
        )

)

現在什么意思這個錯誤？

錯誤：14094419：SSL例程：ssl3_read_bytes：tlsv1警報訪問被拒絕

Answer 1

有些人將CNTLM代理用於此類問題。

為什么在我的情況下CURLAUTH_NTLM無法正常工作？

也許不支持。 運行phpinfo並檢查CURLAUTH_NTLM的前提條件是否正確：

您需要使用OpenSSL，GnuTLS或NSS支持來構建libcurl，此選項才能起作用，或者需要在具有SSPI支持的Windows上構建libcurl。

Answer 2

替換為：

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);

這樣：

curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);

參見https://curl.haxx.se/libcurl/c/CURLOPT_PROXYAUTH.html