The following tools are used:
- cntlm is a proxy that lets our tools get through the corporate proxy by handling the NTLM authentication for them. It listens on localhost and behaves like an ordinary HTTP proxy.
- corkscrew to tunnel SSH traffic over HTTP proxies
- An SSH client to open a SOCKS proxy on localhost, and an SSH server listening on port 443.
- A web browser that supports SOCKS proxies (e.g. Firefox)
The traffic will flow as follows:
Firefox -> SSH client -> corkscrew -> CNTLM -> Corporate Proxy -> SSH server -> Internet.
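
From the proxy operator's side, the chain above appears as an HTTP CONNECT to port 443 whose payload is SSH rather than TLS. The following Python check is an added example, not part of the original page; it classifies the first bytes seen in each direction of a tunnel, and the hostnames and byte samples in it are constructed.

```python
import re

# RFC 4253 section 4.2 identification string: "SSH-protoversion-softwareversion ..." LF
SSH_ID = re.compile(rb"SSH-[12]\.[0-9]+-[\x21-\x7e]+[^\n]*\n")

def is_tls_client_hello(data: bytes) -> bool:
    """Handshake record (0x16), version 3.x, sane length, ClientHello (0x01)."""
    if len(data) < 6:
        return False
    record_len = int.from_bytes(data[3:5], "big")
    return (data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04
            and 0 < record_len <= 16384 and data[5] == 0x01)

def classify_tunnel(client_first: bytes, server_first: bytes) -> str:
    """Classify a CONNECT tunnel from the first bytes sent in each direction."""
    # In SSH both ends send an identification string as soon as the connection opens.
    if SSH_ID.match(client_first) or SSH_ID.match(server_first):
        return "ssh"
    if is_tls_client_hello(client_first):
        return "tls"
    return "unknown"

def flag_non_tls(tunnels):
    """Return (destination, verdict) for every tunnel that is not TLS."""
    flagged = []
    for t in tunnels:
        verdict = classify_tunnel(t["client_first"], t["server_first"])
        if verdict != "tls":
            flagged.append((t["dst"], verdict))
    return flagged

# Constructed samples (hostnames and payloads are made up for this example).
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + b"\x00" * 0x2E
SAMPLES = [
    {"dst": "www.example.com:443", "client_first": CLIENT_HELLO, "server_first": b""},
    {"dst": "gw.example.net:443", "client_first": b"SSH-2.0-OpenSSH_9.6\r\n",
     "server_first": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"dst": "gw2.example.net:443", "client_first": b"",
     "server_first": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"dst": "app.example.org:443", "client_first": b"GET / HTTP/1.1\r\n", "server_first": b""},
]

if __name__ == "__main__":
    for dst, verdict in flag_non_tls(SAMPLES):
        print(f"{dst}: {verdict} inside CONNECT tunnel")
```

The check needs a proxy or network sensor that records the first bytes of each direction inside the CONNECT tunnel.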