Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the PrinciplesUnderstanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

Complete Process of HTTP Proxy Authentication

How Username and Password are Verified

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

When using an HTTP proxy, how are the entered username and password verified? This article will explain the principles and demonstrate the process, giving you a comprehensive understanding of the HTTP proxy authentication mechanism and its key implementation logic.

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

Key Concepts

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

How does the software verify the username and password entered in the HTTP proxy (software implementation + process demonstration + principle explanation)?

The Proxy-Authorization is an HTTP request header used to provide authentication credentials to the proxy server. When the proxy returns a 407 response requesting authentication, the client places the credentials in this header, formatted as “authentication method credential content”, for the proxy to verify identity, which is the core request header for proxy login.

Basic in Proxy-Authorization is a basic authentication method. The client encodes “username:password” as credentials using Base64, which the proxy decodes for verification. This encoding is reversible, not encrypted, and has low security, requiring HTTPS to prevent credential theft.

This also involves a key authentication logic, described in the following process.

① The client (e.g., Chrome) will only send the username and password (via the Proxy-Authorization request header) after receiving a 407 Proxy Authentication Required response from the proxy server.

② If the proxy program has never requested authentication (i.e., has not returned a 407 response), the client will not proactively send credentials even if configured with a username and password—because in the design of the HTTP protocol, authentication is “triggered on demand”.

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

Demonstration Process

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

Chrome configuration is shown below.

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

After configuring the proxy login (username and password) in Chrome, how the HTTP proxy program recognizes it.

Once the application is confirmed, start the proxy.

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

Access the specified site.

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

As can be seen, the entered information is output in the response body.

Let’s check the program’s backend logs.

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

It can be seen that Chrome carried the Proxy-Authorization in the HTTP header.

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

Key Logic

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

① The browser will not proactively include Proxy-Authorization; it requires the proxy program to prompt first. The corresponding key code is as follows:

        // Attempt to parse the HTTP request        if (parseRequest(m_requestData)) {            qDebug() << "data : " << m_requestData;            // Check if there is a Proxy-Authorization header            if (!m_requestData.contains("Proxy-Authorization:")) {                // Return 407 response, requesting Basic authentication                QByteArray response = "HTTP/1.1 407 Proxy Authentication Required\r\n"                                      "Proxy-Authenticate: Basic realm=\"Proxy Login\"\r\n"                                      "\r\n";                m_clientSocket->write(response);                m_clientSocket->disconnectFromHost(); // Close connection, forcing client to retry and carry credentials                return;            }            decodeProxyAuthorization(m_requestData, m_userName, m_password);            m_requestParsed = true;            m_serverSocket->connectToHost(m_targetHost, m_targetPort);            qDebug() << "Connecting to" << m_targetHost << ":" << m_targetPort;        }

Here, some may ask, what about HTTPS?

The username and password transmission mechanism for HTTPS proxies is the same as for HTTP proxies: submitted via the Proxy-Authorization request header, formatted as “authentication method + encoded credentials” (e.g., Base64 string after Basic).

In fact, HTTPS essentially wraps the HTTP protocol with an SSL layer—this SSL acts as a “protective cloak” for data transmission, establishing an end-to-end secure channel that prevents eavesdropping and tampering by intermediate nodes, and verifies the identities of both parties through a certificate mechanism. As for how SSL implements encryption and the key steps in the handshake process, we will detail in subsequent articles, so stay tuned if you’re interested.

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

END

Understanding HTTP Proxy Authentication: How Software Works, the Process, and the PrinciplesUnderstanding HTTP Proxy Authentication: How Software Works, the Process, and the Principles

Leave a Comment