Thursday, May 9, 2019

How to install pip when you are behind corporate MITM proxy?

1) Download get-pip.py (the -k flag skips certificate verification, which the proxy's certificate would otherwise fail):
curl -k https://bootstrap.pypa.io/get-pip.py -o get-pip.py

2) Open get-pip.py and change this line:
shutil.rmtree(tmpdir, ignore_errors=True)
to this line, so the extracted files are kept and their location is printed:
print ("Pip extracted to " + tmpdir)#shutil.rmtree(tmpdir, ignore_errors=True)

3) Execute this:
python get-pip.py
It will fail, but it prints the name of the host it is trying to reach, and it also creates a temp folder and extracts pip into it. Look at the output and note the last line:
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting pip
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)) - skipping
  ERROR: Could not find a version that satisfies the requirement pip (from versions: none)
ERROR: No matching distribution found for pip
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)) - skipping
Pip extracted to /tmp/tmpKGoLfQ

4) Now go to the temp folder (something like /tmp/tmpKGoLfQ) and add it to the PATH:
cd /tmp/tmpKGoLfQ
export PATH=$PATH:`pwd`

5) From the temp folder (/tmp/tmpKGoLfQ), execute:

sudo python -m pip install pip --trusted-host pypi.org --trusted-host files.pythonhosted.org
If you find that another mirror is being used, add it as another trusted host.
This installs pip, and you can now use it normally. To install other packages you can keep passing the --trusted-host option as shown above (which skips certificate verification for those hosts), or, the better choice, install your corporation's root CA certificate into Python's certificate store, whose location is shown by:
python -c "import ssl; print(ssl.get_default_verify_paths())"
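As an added example (not from the post), a small Python 3 diagnostic that pulls the unverifiable hosts out of pip's output above and then attempts a fully verified handshake against them, optionally with the corporate root CA loaded from corp_ca_pem (an assumed path) instead of turning verification off with --trusted-host:

```python
import re
import socket
import ssl

# Constructed sample: the lines pip printed in the post above (trimmed to the ones that matter).
SAMPLE_LOG = """\
Collecting pip
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)) - skipping
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)) - skipping
"""

HOST_RE = re.compile(r"HTTPSConnectionPool\(host='([^']+)', port=(\d+)\)")

def hosts_failing_verification(log):
    """Return the distinct (host, port) pairs whose certificate pip could not verify."""
    found = []
    for line in log.splitlines():
        if "CERTIFICATE_VERIFY_FAILED" not in line:
            continue
        m = HOST_RE.search(line)
        if m and (m.group(1), int(m.group(2))) not in found:
            found.append((m.group(1), int(m.group(2))))
    return found

def verifying_context(corp_ca_pem=None):
    """TLS context that keeps verification on; corp_ca_pem (assumed path) adds the proxy's root CA."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    if corp_ca_pem:
        ctx.load_verify_locations(cafile=corp_ca_pem)  # added to the defaults, not replacing them
    return ctx

def probe(host, port=443, corp_ca_pem=None, timeout=5):
    """Verified handshake with host; report who issued the leaf cert (behind a MITM proxy: the proxy CA)."""
    ctx = verifying_context(corp_ca_pem)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return {"verified": True, "issuer": issuer.get("organizationName")}
    except OSError as e:  # ssl.SSLError is a subclass; .reason names the failure
        return {"verified": False, "error": getattr(e, "reason", None) or str(e)}

if __name__ == "__main__":
    print("Default CA locations:", ssl.get_default_verify_paths())
    for host, port in hosts_failing_verification(SAMPLE_LOG):
        print(host, probe(host, port))  # verified=False until the corp root CA is passed in
```

Once probe() reports verified=True with the corporate CA loaded, the same PEM file can be handed to pip as its cert bundle and --trusted-host is no longer needed.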


Thursday, May 2, 2019

What is Intelligence?

Intelligence is the ability to create cognitive models of observed reality. It is inversely proportional to the time taken to create the model, the number of iterations needed to create it, and the number of inputs required in each set of observations. It is directly proportional to the accuracy, precision and agility of the created model.

We deal with everything and everyone by running a simulation through these models. The difference between a normal person and a 'madman' is that the madman does not run most of his random thoughts through these models.

Culture is essentially "a package of cognitive models" that has helped a specific group survive.
Once a model is formed, it is more resource-intensive to increase its accuracy and precision.
Ever wonder why otherwise intelligent people hold absolutely wrong opinions about certain topics? Because they have created a wrong cognitive model of those topics.

Monday, February 4, 2019

Security through obscurity is no security

So we have an ssh client, and some of our team members ended up storing their passwords in the ssh client. Yes, I know that is bad practice, but that's a separate discussion.
The interesting part is that the ssh client does not let you see the passwords once you have entered them. Of course it is "for security" reasons.

A few years after these passwords were entered, people leave or move to different projects, and one is stuck with an ssh session that can establish the connection but whose password can't be changed (root ssh is not allowed, and you can't sudo because you don't have the password).

What's the solution?
An ssh honeypot server: http://3.91.206.83/
Change the IP of the saved session to this server and it will print the password back. If you can't change the IP, redefine the host name in your local hosts file to point to this IP.
Be aware that once you have retrieved your password this way, you should assume it has been released to the public. Change your password immediately.

The ssh client is trying to make the password secure by making it obscure. Newsflash! It's not secure. It just makes the user's life difficult without adding any security.