Allow Use of a Proxy Server
Canny AI
Merged in a post:
Add proxy server support
A
Alexander Sagen
While validating a proxy configuration for Huntress, we attempted to run the HuntressSupport.exe tool with the "connect" argument, in order to verify connectivity with proxy enabled. We didn't quite get that to work, as it returned an error message containing "dial tcp 104.26.1.173:443: i/o timeout". We later verified that HuntressAgent.exe works the exact same way.
That error message is specific to the Go programming language, which helps us a bit with troubleshooting, as we're familiar with Go. The error leads us to believe that a custom http.Transport is used, without the http.ProxyFromEnvironment function.
Ideally, we'd appreciate if the Windows system proxy information (from WinHTTP/IE) was used, instead of straight up having no way to use a proxy server at all.
This can trivially be implemented in Go using a package such as https://github.com/rapid7/go-get-proxied
As for security considerations, you would have to define a proxy server on the SYSTEM user (registry path "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" key "DefaultConnectionSettings") in order to define proxy settings that would apply to the Huntress Agent at all. This requires administrative privileges (the Administrators group is allowed to modify this key).
A
Alexander Sagen
Update: HuntressAgent.exe performs connections in the exact same manner as HuntressSupport.exe, so this should also apply to the Huntress Agent itself.
P
Phil Stricker
This is a VERY important feature. As you are hosting on a cloud infrastructure, it is not possible to use the agent without a host->any:443 allow-rule, which is not possible most of our infrastructures.
M
Mitsuko'la Quigley'la
This is a killer criteria for certain customers with on premise hardened infrastructure which still needs to be monitored. Alternatively, let me know what traffic destinations need to be allow-listed leaving my enclaves.