Skip to content
/ entunnel Public

Modern C++20 library for establishing TCP tunnels through HTTP proxies on Windows using WinHTTP and transparent SSPI authentication (NTLM/Kerberos).

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

methmind/entunnel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src
src
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

entunnel

entunnel is a lightweight, modern C++20 library designed to establish TCP tunnels through HTTP proxies on Windows. It specializes in handling corporate environments by automatically detecting system proxy settings and performing transparent authentication (NTLM/Negotiate/Kerberos) using the Windows Security Support Provider Interface (SSPI).

Features

  • C++20 Modules: Built entirely using modern C++20 modules (.ixx).
  • Automatic Proxy Detection: Uses WinHTTP to discover system proxy configurations (PAC scripts or manual settings).
  • Transparent Authentication: Seamlessly handles 407 Proxy Authentication Required using SSPI. Supports NTLM and Kerberos without manual credential management (uses the current user's context).
  • RAII Resource Management: Safe handling of sockets and Windows handles.
  • Dependency Free: Relies solely on the C++ Standard Library and the Windows SDK.

Requirements

  • Compiler: A C++20 compliant compiler with Modules support.
    • Clang (tested only).
  • Build System: CMake 3.26+ (required for C++ Modules support).

Usage

Here is a simple example of how to use entunnel to connect to a remote host through the system proxy:

#include <windows.h>
import entunnel;

int main()
{
    entunnel::C_Entunnel tunnel;

    // 1. Initialize and resolve the system proxy for the target address.
    //    Returns false if no proxy is configured or initialization fails.
    if (!tunnel.initialize(L"api.ipify.org:443")) {
        return -1;
    }

    // 2. Perform the HTTP CONNECT handshake and authentication.
    //    Returns a valid raw SOCKET only if the connection through the proxy was successfully established.
    //    Returns SOCKET_ERROR on failure (e.g., authentication failed or host unreachable).
    SOCKET
    SOCKET rawSocket = tunnel.createTunnel();
    
    if (rawSocket == SOCKET_ERROR) {
        // Handle connection or authentication failure
        return -1;
    }

    // ... Use rawSocket for standard send/recv operations ...

    // Clean up
    closesocket(rawSocket);
    return 0;
}

Architecture

The project is structured into several modular components:

  • entunnel: The main facade class orchestrating the tunnel creation.
  • entunnel.inet: Handles TCP socket operations and scoped socket management.
  • entunnel.proxy: Interacts with WinHTTP to resolve proxy settings (PAC/WPAD support).
  • entunnel.sspi: Manages the authentication handshake (producing NTLM/Kerberos tokens).
  • entunnel.http_parser: A lightweight HTTP parser for processing proxy responses.

License

This project is open-source. Feel free to use and modify it for your needs.

About

Modern C++20 library for establishing TCP tunnels through HTTP proxies on Windows using WinHTTP and transparent SSPI authentication (NTLM/Kerberos).

Topics

windows client networking tcp proxy http-proxy winhttp pac tcp-client ntlm negotiate kerberos wpad sspi tcp-tunnel cpp20 cpp-modules proxy-tunnel transparent-authentication

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages