Skip to Content

How to configure cntlm behind a corporate proxy

Posted on One min read

Configure cntlm

Generate a NTLMv2 pass by running the following command, modify myusername and mydomain with your information:

cntlm.exe -u myusername -d mydomain -H

It prompts you to enter the password associated to the username and returns the following output:

PassLM          0256A04135D772BB552C4BCA4AEBFB11
PassNT          F992202B10F163283DA90188E6E10BC3
PassNTLMv2      0EF0DC8D89B4DA044EBF9373C0F60C20   # Only for user 'myusername', domain 'mydomain'

Update the file cntlm.ini by replacing myusername, mydomain and the proxy with your information, then the PassNTLMv2 0EF0DC8D89B4DA044EBF9373C0F60C20 with the result of the previous command.

Username    myusername
Domain      mydomain
Proxy       my_corporate_proxy_server:port
Listen      127.0.0.1:3128
PassNTLMv2  0EF0DC8D89B4DA044EBF9373C0F60C20

Congratulations! You have now a local proxy on port 3128.

Validate the cntlm configuration

Run the following command with the configuration file you created.

cntlm.exe -c cntlm.ini -I -M https://google.com