49

I want to set a proxy throught the command line, first thing I found out is that you have to run command line with administrator rights - then the basic proxy set would be:

netsh winhttp set proxy SERVER:PORT

This works nice, but I also want to add a login. As you can see I've tried using netsh->winhttp, however manual does not say anything about the login part so I just tried:

netsh winhttp set proxy user:password@SERVER:PORT

This unfortunately does not work. Is it even possible to achieve something like this in netsh->winhttp?

If so, how? If not => what windows commands should I follow?
̶O̶r̶ ̶i̶s̶ ̶t̶h̶i̶s̶ ̶m̶o̶r̶e̶ ̶e̶a̶s̶i̶l̶y̶ ̶a̶c̶h̶i̶e̶v̶e̶a̶b̶l̶e̶ ̶t̶h̶r̶o̶u̶g̶h̶ ̶s̶o̶m̶e̶ ̶W̶i̶n̶d̶o̶w̶s̶A̶P̶I̶ ̶(̶e̶.̶g̶.̶ ̶u̶s̶i̶n̶g̶ ̶C̶/̶C̶+̶+̶)̶?̶

Thanks for help, please feel free to ask any questions if something is unclear.

USING: Windows 7, cmd.exe, netsh->winhttp

EDIT: This looks like the C++ way: http://msdn.microsoft.com/en-us/library/windows/desktop/aa383144(v=vs.85).aspx , but a better way for C++ might be to go this way: http://msdn.microsoft.com/en-us/library/windows/desktop/aa385384(v=vs.85).aspx#general_option, - so the remaining question is how to achieve this in command line generally (or even better command-line->netsh->winhttp)?

jave.web
  • 13,880
  • 12
  • 91
  • 125
  • 1
    It doesn't look like it is possible. [activating Windows through an authenticating proxy](http://pandu.poluan.info/blog/20131028-14/activating-windows-authenticating-proxy-2/) provides some alternatives – DavidPostill Nov 22 '14 at 17:49
  • See also [How to set SQUID Proxy authentication using netsh?](http://stackoverflow.com/q/14998827) – DavidPostill Nov 22 '14 at 17:49
  • hmmm seems weird that there is no command-line way to do proxy authentication at all... (not talking about netsh now...) – jave.web Nov 22 '14 at 20:07
  • Probably because the registry entries for `ProxyUser` and `ProxyPassword` are encrypted? – DavidPostill Nov 22 '14 at 20:19
  • @DavidPostill Probably , but that should be no problem when using system own's commands which should know how to de/encrypt ... – jave.web Nov 24 '14 at 14:51

4 Answers4

69

If you are using Microsoft windows environment then you can set a variable named HTTP_PROXY, FTP_PROXY, or HTTPS_PROXY depending on the requirement.

I have used following settings for allowing my commands at windows command prompt to use the browser proxy to access internet.

set HTTP_PROXY=http://proxy_userid:proxy_password@proxy_ip:proxy_port

The parameters on right must be replaced with actual values.

Once the variable HTTP_PROXY is set, all our subsequent commands executed at windows command prompt will be able to access internet through the proxy along with the authentication provided.

Additionally if you want to use ftp and https as well to use the same proxy then you may like to the following environment variables as well.

set FTP_PROXY=%HTTP_PROXY%

set HTTPS_PROXY=%HTTP_PROXY%
Michael Lihs
  • 7,460
  • 17
  • 52
  • 85
Chinmay
  • 840
  • 6
  • 9
  • 1
    Looks neat, is it documented somewhere? how is windows support (which versions) ? – jave.web Jan 10 '17 at 14:24
  • For me it worked well on my Windows 7. Our main target was to set the variable HTTP_PROXY before running a command that expects network to be connected (through http proxy) Syntax for setting environment variable differs from shell to shell and operating system to operating system. You can positively find out a different format of this on a Linux system as well. I feel basic logic should work with any operating system. I collected this information from somewhere in the internet that I exactly don't remember. Once I recollect I will update here. – Chinmay Jan 11 '17 at 07:34
  • 1
    I was seeking for a proxy setting for windows cmd for long time, this one works, thanks. With this setting, command line tools can work behind the cooperator's proxy. – Owen Cao Jan 09 '18 at 02:04
  • 1
    Just to keep the things handy. If you have a lock, a key should be kept as well ;) Below are commands(use without curly brackets) to remove the proxy. {set http_proxy=} {set https_proxy=} – saurabh Oct 01 '19 at 05:28
  • You saved my day. Works at Windows Server 2019, for tools like Nuget. (When it's run under local system acount.) – yatskovsky Apr 29 '21 at 19:38
  • In my environment, Windows Server 2019 DC, Azure VM, solution does not work, I tested using that command `set HTTP_PROXY=http://proxy_userid:proxy_password@proxy_ip:proxy_port`. My goal is to connect/onboard VM to Windows Defender for Endpoint console, my network (where win 2k19 is located is isolated, do not have access to internet 443/80 port blocked on NSG) – tester81 May 13 '21 at 07:29
  • How do I make it permanent such that I do not need to repeat all the time? – João Pimentel Ferreira Oct 07 '21 at 13:45
26

cmd

Tunnel all your internet traffic through a socks proxy:

netsh winhttp set proxy proxy-server="socks=localhost:9090" bypass-list="localhost"

View the current proxy settings:

netsh winhttp show proxy

Clear all proxy settings:

netsh winhttp reset proxy
ejderuby
  • 710
  • 5
  • 21
Adasiek
  • 269
  • 3
  • 2
11

IE can set username and password proxies, so maybe setting it there and import does work

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d name:port
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyUser /t REG_SZ /d username
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyPass /t REG_SZ /d password
netsh winhttp import proxy source=ie
overflowed
  • 1,773
  • 10
  • 13
  • 3
    **Findings:** the proxy gets by these registries **only** when ANY browser is ran, **BUT** netsh winhttp still shows direct access, also disabling the proxy requires registry change `ProxyEnable` to `0` **and** re-starting the browser afterwards. (btw: my tip is to send reg add commands with /f parameter so existing entries are rewritten without asking) – jave.web Nov 27 '14 at 16:02
  • 3
    **Problem remaining:** even though proxy is set, the proxy ***authentication is NOT set*** ... So it does not solve the problem with pre-authentication. – jave.web Nov 27 '14 at 16:05
  • Thanks very much for this solution. this works excellent as the netsh commands that i tried before, do not work. – Hugo Garcia Mar 08 '16 at 22:09
  • It does not work for ma as well, I tested on latest Azure 2019 Windows Server Data center. – tester81 May 13 '21 at 07:27
10

The best way around this is (and many other situations) in my experience, is to use cntlm which is a local no-authentication proxy which points to a remote authentication proxy. You can then just set WinHTTP to point to your local CNTLM (usually localhost:3128), and you can set CNTLM itself to point to the remote authentication proxy. CNTLM has a "magic NTLM dialect detection" option which generates password hashes to be put into the CNTLM configuration files.

Adam Burley
  • 5,551
  • 4
  • 51
  • 72
  • Here is an issue and resolution with running latest `cntlm` as windows service: https://superuser.com/questions/1192694/cannot-start-cntlm – Vadzim May 16 '17 at 18:54
  • See also http://stackoverflow.com/questions/9181637/how-to-fill-proxy-information-in-cntlm-config-file – Vadzim May 16 '17 at 19:24