| From | Marion <marionc@facts.com> |
|---|---|
| Newsgroups | alt.comp.os.windows-10, alt.comp.os.windows-11, alt.comp.microsoft.windows |
| Subject | Re: PSA: You may be surprised what's in your HKCU:Run registry key |
| Date | 2025-10-24 03:30 -0600 |
| Organization | BWH Usenet Archive (https://usenet.blueworldhosting.com) |
| Message-ID | <10dfgv4$1cot$1@nnrp.usenet.blueworldhosting.com> (permalink) |
| References | (4 earlier) <10dbrmg$2msu$1@nnrp.usenet.blueworldhosting.com> <10ddsk9$1mjv$1@nnrp.usenet.blueworldhosting.com> <10deaj7$26v72$2@dont-email.me> <10df2r1$2npv$1@nnrp.usenet.blueworldhosting.com> <mm0qhfFo568U1@mid.individual.net> |
Cross-posted to 3 groups.
Andy Burns wrote:
>> Note there is no concept of saving the configuration in ProxyBridge (as far
>> as I can tell), which is a gross lack of functionality.
>
> Thanks, I hadn't encountered ProxyBridge until now, looks very handy,
> maybe the lack of saving config is their way to differentiate between
> free and paid versions?
Hi Andy,

It's refreshing to see that there are actual thinking humans here, where I
appreciate that you first tuned me to proxies in this ng a few months ago.

I am indebted to Allan Higdon for informing me about ProxyBridge because
it's brand new. It only surfaced in 2023 as an alternative to Proxifier.

ProxyBridge will BLOCK any executable you want to block, even without there
being a proxy server to connect to, which is a neat "firewall" like trick.

But if you add a proxy server, then that's where ProxyBridge handles the
heavy lifting, as shown in my tutorial on how to set up & use ProxyBridge.

Using basic regular expressions, you can route or block traffic out of any
given executable by name with ProxyBridge, for both UDP & TCP protocols.

There is no payware version of the open-source ProxyBridge, which is billed
as an alternative to Proxifier, which is 30-day trialware that is not free.

Looking in my logs since we last spoke about this topic, in the past months
I've tested proxifer, freecap, widecap, socksCap, proxifier, proxycap,
socksescort, shadowsocks, wpadchecker, nekoray, freegate, kproxy, safeip,
ultrasurf, penguinproxy, and today I tested ProxyBridge, where each of
these does some kind of "traffic redirection" or "proxy service".

In general terms, the proxifiers (WideCap, Proxifier, ProxyCap,
SocksEscort) force manually selected Windows apps to use proxies.

The encrypted proxy protocols/clients (Shadowsocks, Nekoray) provide the
actual secure tunnels that proxifiers can use.

Meanwhile, the anti-censorship tools (Psiphon, Freegate, UltraSurf,
KProxy, SafeIP, PenguinProxy) are mostly aimed at bypassing censorship.

And then there were the diagnostic/security (WPADChecker) tools for checking
proxy auto-config vulnerabilities, but I wrote my own (checkproxy.bat).

If you're interested, here is my CheckProxy.bat diagnostic tool.

@echo off
REM C:\data\sys\batch\checkproxy.bat 20250916
REM This is version 2.2
REM Custom unified Windows proxy diagnostic tool
REM v1.0 lists WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM v1.1 replaces echo. with echo( to avoid command misinterpretation
REM v1.2 adds PAC file existence check and SHA256 hash logging (114 lines)
REM v1.3 (152 lines) adds debugging (section 9)
REM v1.4 (161 lines) adds more debugging (section 10)
REM v1.5 (182 lines) adds more debugging (section 11)
REM v1.6 (204 lines) adds command reference (section 12)
REM v1.7 (205 lines) Added example.com which is reserved for demos/tests.
REM v1.8 (217 lines) Added check for freegate proxy in addition to psiphon
REM v1.9 (231 lines) Added output in final report to add freegate logging
REM v2.0 (271 lines) adds timestamped log (checkproxyYYYYMMDD_HHMMSS.log)
REM v2.1 (285 lines) parameterized HTTP port for freegate 8580 & psiphon 3736
REM v2.2 (299 lines) parameterized all the proxy ports throughout
REM Comment linelength limit ==================================================
REM 567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 12
:: Normally the pac file is served by a web server.
:: This script doesn't rely on Windows successfully fetching the PAC file
:: via HTTP. Instead, it sets the registry key to point to the PAC URL
:: It assumes the PAC logic is known & trusted.
:: It uses proxy.cmd to apply proxy settings directly,
:: bypassing the need for Windows to interpret the PAC file
:: So even if http://127.0.0.1/proxy.pac isn’t actually being served
:: by a web server, the system still behaves as if it is because the
:: tooling here enforces the logic manually.
:: This is where Windows typically looks for the PAC script URL.
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
:: AutoConfigURL = http://127.0.0.1/proxy.pac
:: That tells Windows to fetch the PAC file from your own machine via HTTP
:: http://127.0.0.1/proxy.pac
:: C:\data\sys\batch\proxy.pac
:: curl http://127.0.0.1/proxy.pac
::
:: You could point to the actual pac file but that's less universal
:: AutoConfigURL = file:///C:/data/sys/batch/proxy.pac
::
:: C:\app\network\psiphon\psiphon3.exe -mode=socks
:: Win+I > Settings > Network & Internet > Proxy > Manual proxy setup = on
:: Automatic proxy setup
:: Automatically detect settings = on
:: Use setup script = on
:: Script address = http://127.0.0.1/proxy.pac
:: Manual proxy setup
:: Use a proxy server = on
:: Address http=127.0.0.1:3736;https=127.0.0.1:3736;socks=127.0.0.1:1080
:: Port = <blank>
:: Use the proxy server except for addresses that start with the following entries. Use semicolons (;) to separate entries.
:: 10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;169.254.*;[fc*];[fd*];[fe8*];[fe9*];[fea*];[feb*]
:: [x]Don't use the proxy server for local (intranet) addresses
::
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
:: AutoConfigURL = http://127.0.0.1/proxy.pac
::
:: C:\data\sys\batch\proxy.pac
::
:: Final Result
:: WinINET: Enabled and pointing to Psiphon
:: WinHTTP: Synced to match WinINET
:: PAC: Registry keys set, logic assumed, Auto-Detect enabled
:: The system is now fully aligned across all proxy layers.
::
REM BELOW is the log wrapper (console output saved to a timestamped file) v2p0
set "LOGDIR=C:\data\sys\log"
if "%1"=="__LOGGING__" goto :run_script
REM Assumes the DATE variable looks like: Fri 10/24/2025 (day name, then MM/DD/YYYY)
for /f "tokens=1-4 delims=/ " %%a in ("%DATE%") do (
set DOW=%%a
set MM=%%b
set DD=%%c
set YYYY=%%d
)
for /f "tokens=1-3 delims=:." %%a in ("%TIME%") do (
set HH=%%a
set Min=%%b
set Sec=%%c
)
if "%HH:~0,1%"==" " set HH=0%HH:~1,1%
set LOGSTAMP=%YYYY%%MM%%DD%_%HH%%Min%%Sec%
set "LOGFILE=%LOGDIR%\checkproxy%LOGSTAMP%.log"
set "TMPTXT=%LOGDIR%\checkproxy%LOGSTAMP%.tmp"
if not exist "%LOGDIR%" md "%LOGDIR%" 2>nul
powershell -NoProfile -Command ^
" & { & cmd /c '\"%~f0\" __LOGGING__' 2>&1 | Tee-Object -FilePath '%TMPTXT%' }"
powershell -NoProfile -Command ^
" [System.IO.File]::WriteAllText('%LOGFILE%', (Get-Content -Raw -LiteralPath '%TMPTXT%'), (New-Object System.Text.UTF8Encoding($false))); Remove-Item -LiteralPath '%TMPTXT%' -ErrorAction SilentlyContinue"
echo(
echo Log created at %LOGFILE%
echo(
pause
exit /b
:run_script
REM ABOVE is the log wrapper (console output saved to a timestamped file) v2p0
set FREEGATE_HTTP_PORT=8580
set FREEGATE_HTTP_PORT_ALT=8581
set PSIPHON_HTTP_PORT=3736
set PSIPHON_SOCKS_PORT=1080
echo [%DATE% %TIME%] Starting proxy check...
setlocal
set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set PACFILE=C:\data\sys\batch\proxy.pac
REM v2.0 Replace the HTTP proxy port with a parameterized port
echo ==============================================
echo WINDOWS PROXY CONFIGURATION CHECK
echo ==============================================
REM --- PAC file existence check ---
if not exist "%PACFILE%" (
echo WARNING: PAC file not found at %PACFILE%
) else (
echo PAC file found at %PACFILE%
echo PAC file SHA256 hash:
certutil -hashfile "%PACFILE%" SHA256
)
REM --- WinINET (manual proxy) ---
echo(
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)
REM --- WinHTTP proxy ---
echo(
echo [2] WinHTTP proxy (system/background services)
netsh winhttp show proxy
REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo(
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B
if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)
if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)
REM Added these debugging commands (v1p3)
echo(
echo [4] Psiphon and Mongoose process check
echo tasklist ^| findstr /i "psiphon3.exe mongoose.exe"
tasklist | findstr /i "psiphon3.exe mongoose.exe"
:: Added this insert to check for freegate proxy (v1p8)
echo(
echo [4b] Freegate process check
tasklist | findstr /i "fg790p.exe"
echo(
echo [5b] Freegate port binding check
REM netstat -ano | findstr :8580
netstat -ano | findstr :%FREEGATE_HTTP_PORT%
REM netstat -ano | findstr :8581
netstat -ano | findstr :%FREEGATE_HTTP_PORT_ALT%
:: END INSERT to check for freegate proxy (v1p8)
echo(
echo [5] Port binding check (Mongoose/Proxy)
echo netstat -ano ^| findstr :8080
netstat -ano | findstr :8080
echo(
echo [6] DNS resolution test
echo nslookup example.com
REM nslookup example.com
REM v2.1 suppressed stderr
nslookup example.com 2>nul
echo(
echo [7] Internet connectivity test
echo ping 8.8.8.8
ping 8.8.8.8
REM Using %PROXY_PORT% set to Freegate (8580) & then to Psiphon (3736)
echo(
echo [8] Proxy test via curl (Freegate and Psiphon)
REM --- Freegate test (8580) ---
REM set PROXY_PORT=8580
set PROXY_PORT=%FREEGATE_HTTP_PORT%
echo -- Freegate on port %PROXY_PORT% --
echo curl -x http://127.0.0.1:%PROXY_PORT% http://example.com --max-time 5
curl -x http://127.0.0.1:%PROXY_PORT% http://example.com --max-time 5
REM --- Psiphon test (3736) ---
REM set PROXY_PORT=3736
set PROXY_PORT=%PSIPHON_HTTP_PORT%
REM echo -- Psiphon on port %PROXY_PORT% --
echo curl -x http://127.0.0.1:%PROXY_PORT% http://example.com --max-time 5
curl -x http://127.0.0.1:%PROXY_PORT% http://example.com --max-time 5
echo(
echo [9] .NET proxy settings (PowerShell)
echo powershell -Command "[System.Net.WebRequest]::DefaultWebProxy"
powershell -Command "[System.Net.WebRequest]::DefaultWebProxy"
echo(
echo [10] Network adapter configuration
echo ipconfig /all
ipconfig /all
echo(
echo [11] Network interface and routing diagnostics
echo netsh interface show interface
netsh interface show interface
echo(
echo route print
route print
echo(
echo curl --verbose http://example.com
curl --verbose http://example.com
REM Optional deeper trace (creates trace.txt in current folder)
echo(
echo curl --trace trace.txt http://example.com
curl --trace trace.txt http://example.com
echo(
echo Summary:
echo Proxy Enabled: %ProxyEnable%
echo Proxy Server: %ProxyServer%
echo PAC URL: %PACurl%
echo AutoDetect: %AutoDetect%
echo(
echo ==============================================
echo Check complete.
echo ==============================================
echo(
echo [12] Command Reference (manual run options)
echo certutil -hashfile "C:\data\sys\batch\proxy.pac" SHA256
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer
echo netsh winhttp show proxy
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect
echo tasklist ^| findstr /i "psiphon3.exe mongoose.exe"
echo netstat -ano ^| findstr :8080
echo nslookup example.com
echo ping 8.8.8.8
REM echo curl -x http://127.0.0.1:3736 http://example.com --max-time 5
echo psiphon http port
echo curl -x http://127.0.0.1:%PSIPHON_HTTP_PORT% http://example.com --max-time 5
echo freegate http port
echo curl -x http://127.0.0.1:%FREEGATE_HTTP_PORT% http://example.com --max-time 5
echo powershell -Command "[System.Net.WebRequest]::DefaultWebProxy"
echo ipconfig /all
echo netsh interface show interface
echo route print
echo curl --verbose http://example.com
echo curl --trace trace.txt http://example.com
echo(
echo Freegate process check:
tasklist | findstr /i "fg790p.exe" || echo No Freegate process found.
echo(
echo Freegate port check:
REM netstat -ano | findstr :8580 || echo No listener on 8580
REM netstat -ano | findstr :8581 || echo No listener on 8581
netstat -ano | findstr :%FREEGATE_HTTP_PORT% || echo No listener on %FREEGATE_HTTP_PORT%
netstat -ano | findstr :%FREEGATE_HTTP_PORT_ALT% || echo No listener on %FREEGATE_HTTP_PORT_ALT%
REM Sometimes Freegate sets ProxyServer to 127.0.0.1:8590 in
REM Internet Options while actually listening on 8580 so check for that
echo(
echo ProxyServer registry value: %ProxyServer%
REM echo Expected Freegate listener: 127.0.0.1:8580
echo Expected Psiphon listener: 127.0.0.1:%PSIPHON_HTTP_PORT%
echo Expected Freegate listener: 127.0.0.1:%FREEGATE_HTTP_PORT%
endlocal
REM end of C:\data\sys\batch\checkproxy.bat
--
It's refreshing when someone posts to the Windows ng who is not a troll.
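
The mismatch noted near the end of the script (ProxyServer set to 127.0.0.1:8590 while Freegate listens on 8580) can be checked automatically instead of being read off the log. The PowerShell below is an added example, not part of the original post; the function names are hypothetical and the sample value is constructed from the ports the post mentions.

```powershell
# Added example, not part of the original post. Function names are hypothetical.
# ProxyServer is either "server:port" (all protocols) or a
# "scheme=server:port;..." list, as in the post's manual proxy setting.
function ConvertFrom-ProxyServerValue {
    param([string]$Value)
    foreach ($entry in ($Value -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $scheme, $endpoint = 'all', $entry
        if ($entry -match '^(?<s>[a-z]+)=(?<e>.+)$') {
            $scheme, $endpoint = $Matches.s, $Matches.e
        }
        # Drop an optional "http://" style prefix, then split server and port.
        $endpoint = $endpoint -replace '^[a-z]+://', ''
        if ($endpoint -match '^(?<srv>.+?)(?::(?<port>\d+))?$') {
            [pscustomobject]@{
                Scheme = $scheme.ToLower()
                Server = $Matches.srv
                Port   = if ($Matches.port) { [int]$Matches.port } else { $null }
            }
        }
    }
}

# Compare each loopback proxy endpoint with the ports that are really listening.
# Listening is $null for non-loopback servers, which cannot be checked locally.
function Test-ProxyListener {
    param([string]$ProxyServer, [int[]]$ListeningPorts)
    foreach ($p in (ConvertFrom-ProxyServerValue $ProxyServer)) {
        $local = $p.Server -in '127.0.0.1', 'localhost', '[::1]'
        [pscustomobject]@{
            Scheme    = $p.Scheme
            Endpoint  = '{0}:{1}' -f $p.Server, $p.Port
            Loopback  = $local
            Listening = if ($local) { $p.Port -in $ListeningPorts } else { $null }
        }
    }
}

# Constructed sample: the registry says 8590 but the listener is on 8580.
$sample = 'http=127.0.0.1:8590;https=127.0.0.1:8590;socks=127.0.0.1:1080'
Test-ProxyListener $sample @(8580, 8581, 1080) | Format-Table -AutoSize

# Live check on the current machine (Windows 8 / Server 2012 or later).
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$live = (Get-ItemProperty -Path $key).ProxyServer
$open = (Get-NetTCPConnection -State Listen).LocalPort | Sort-Object -Unique
Test-ProxyListener $live $open | Format-Table -AutoSize
```

A row with Loopback True and Listening False is the stale-port case the script's closing comments describe; a row with Loopback False shows WinINET traffic being sent to a proxy on another host.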