cntlm

Start with config file

$ cntlm -c [/etc/cntlm.conf]

$ cntlm -v -f

$ cntlm -M http://test.com

$ cntlm -H -d [DOMAIN] -u [username]

$ cntlm -O [1080]

$ cntlm -u [user] -d [DOMAIN] -p [pass] [proxy:port]

cntlm [options] [proxyhost:]proxyport...

cntlm is an NTLM/NTLMv2 authenticating HTTP proxy that sits between applications and a corporate proxy server. It handles the NTLM authentication handshake transparently, so applications only need to use a simple unauthenticated proxy connection.
The proxy caches authenticated connections for reuse, providing significant speed improvements over alternatives that re-authenticate on every request. It supports NTLM, NTLMv2, NTLM2SR, and basic authentication methods, with automatic detection of the strongest supported method via the -M flag.
In addition to HTTP proxying, cntlm provides SOCKS5 proxy support and TCP/IP tunneling through the corporate proxy, enabling protocols beyond HTTP to traverse the proxy infrastructure. Password hashes can be stored instead of plaintext passwords for improved security.

-u user

Proxy username

Proxy domain

Proxy password

Auth type: NTLMv2, NTLM2SR, NT, NTLM, LM

Magic NTLM detection mode

Generate password hashes

Configuration file

Listen on port

Enable SOCKS5 proxy

No-proxy pattern list

Run in foreground

Verbose/debug mode

Allow gateway mode (non-local connections)

Create PID file

/etc/cntlm.conf

Main configuration file for proxy address, credentials, listen port, and authentication settings.

NTLMv2: Strongest, recommended
NTLM2SR: Strong
NTLM: Legacy compatibility
LM: Weakest, old servers only

Use -M to auto-detect strongest working auth. Store password hashes instead of plaintext. Config file same syntax as OpenSSH.

squid(8), privoxy(1), tinyproxy(8)