Automatic Web Proxy Discovery and Client Configuration in MS Windows Environment

 

Background

For most of us who work in a Corporate MS Windows Environment, our Internet Gateway / Proxy configuration is pretty well hidden.

At home, we either have direct connections to the Internet, have a gateway assigned to us by our ISP, or get on the Internet through our own Router or Wireless Access Point (WAP).

 

Corporate Environment

On the other hand, while at work in a Corporate Environment, we can review our Proxy settings by doing the following:

  • Access Control Panel
  • Access Internet Options
  • In the “Internet Properties” window, access the “Connections” tab
  • Within the “Local Area Network (LAN) settings” group box, click the “LAN Settings” button
  • In the “Local Area Network (LAN) settings” window, you will be able to review your Proxy settings

Our available choices are:

    • Automatically detect settings
    • Use automatic configuration script
    • Use a single Proxy Server
    • Configure a proxy server per traffic type (HTTP, FTP, etc.)

 

[Screenshot: Internet Properties, Local Area Network (LAN) Settings, Automatic configuration, Automatically detect settings]

 

Inquiring Mind

So, to put it subtly, an inquiring mind wants to know: which server is proxying our web traffic?

Well, that is where WPAD comes in.

 

Honorable Mentions

Richard Hicks

His article “Configuring Web Proxy Automatic Discovery (WPAD) in Forefront Threat Management Gateway (TMG) 2010” knocks the topic out of the park.  It stimulates my thinking, and notice that I did not say it stimulated my thinking.

Richard is a Microsoft Enterprise Security MVP, and he does that acknowledgement well.

 

Web Proxy Automatic Discovery

There are a couple of ways that a machine acquires its Internet Client Configuration:

  • DHCP
    • For machines that do not have fixed IP Addresses, the network’s DHCP server can return the Internet Proxy Server as part of the initial Network Configuration, that is, alongside other Client Configuration data such as the Assigned IP Address, Gateway Address, and Subnet mask.
    • As Richard’s article pointed out, for bigger networks with a stable of Proxy Servers, we are able to designate specific Proxy Servers on a per-subnet basis.  That is, we specify Proxy Server T1 for Building A, and another Proxy Server, Proxy T1, for Building D.
  • DNS
    • DNS Server Configuration
      • Create “A” DNS records for each Proxy Server
      • Create CNAME (“C”) records that point to the various “A” records
      • The CNAME records will bear the name WPAD
    • Client Configuration/Requests
      • DNS Clients issue requests for WPAD
      • The DNS Server will return the IP Address for one of the “A” records

Which One are we using?

DHCP

I honestly cannot say for sure whether we are getting Internet proxy configuration via DHCP.

I will have to use a Network Traffic Tool and review its requests and the response from the DHCP to answer affirmatively.

DNS

But I can say that we are using DNS, solely or in addition.

Query DNS for WPAD Records

  • Access Console
  • Issue DNS Query


Query Syntax

nslookup WPAD

[Screenshot: nslookup WPAD output]

 

Explanation:

When we use nslookup and issue a WPAD query against our default DNS Server, we get back:

  • DNS Server
    • Server :- The name of the responding DNS Server
    • Its IP Address
  • WPAD
    • Name :- The name of the WPAD Server
    • Addresses :- The IP Addresses of the “A” records
    • Aliases :- The CNAME (“C”) records

Network Connections

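Let us review our current network connections and see whether we indeed have traffic going to our stated Proxy Server. Note that the -b switch needs an elevated command prompt, and that it prints the owning executable on a separate line, which the find filter drops.

Syntax:
netstat -anb | find "[Proxy-Server]"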
Sample:
netstat -anb | find "10.4."
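
The nslookup and netstat checks above can be combined into one PowerShell pass that also keeps the owning process next to each connection. This is an added example, not part of the original article. It assumes Windows 8 / Server 2012 or later, and a WPAD host that serves its script at the conventional DNS-based location http://wpad/wpad.dat; all variable names are illustrative.

```powershell
# Added example (not from the article). Assumes DNS-published WPAD and the
# conventional script location http://wpad/wpad.dat.
$wpadName = 'wpad'   # single label; the DNS suffix search list applies, as with nslookup

# 1. DNS: split the answer into the alias (CNAME) chain and the address (A) records.
$answer    = Resolve-DnsName -Name $wpadName -Type A -ErrorAction Stop
$aliases   = @($answer | Where-Object { $_.Type -eq 'CNAME' } | ForEach-Object { $_.NameHost })
$addresses = @($answer | Where-Object { $_.Type -eq 'A' }     | ForEach-Object { $_.IPAddress })
"WPAD aliases  : $($aliases -join ', ')"
"WPAD addresses: $($addresses -join ', ')"

# 2. Fetch the configuration script directly. An empty WebProxy means "no proxy",
#    so the download does not depend on the settings being inspected.
$client       = New-Object System.Net.WebClient
$client.Proxy = New-Object System.Net.WebProxy
$pac          = $client.DownloadString("http://$wpadName/wpad.dat")

# 3. Pull every "PROXY host:port" directive out of the script text.
$proxies = [regex]::Matches($pac, 'PROXY\s+([A-Za-z0-9.\-]+):(\d+)') |
    ForEach-Object {
        [pscustomobject]@{ ProxyHost = $_.Groups[1].Value; Port = [int]$_.Groups[2].Value }
    } | Sort-Object ProxyHost, Port -Unique

# 4. For each proxy, list established connections together with the owning process.
foreach ($p in $proxies) {
    try {
        # GetHostAddresses accepts both host names and literal IP addresses.
        $ips = [System.Net.Dns]::GetHostAddresses($p.ProxyHost) |
            ForEach-Object { $_.IPAddressToString }
    } catch {
        Write-Warning "Cannot resolve $($p.ProxyHost)"
        continue
    }
    Get-NetTCPConnection -RemoteAddress $ips -RemotePort $p.Port -State Established `
            -ErrorAction SilentlyContinue |
        Select-Object LocalPort, RemoteAddress, RemotePort,
            @{ Name = 'Process'
               Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }
}
```

An empty result from step 4 means no process currently holds a connection to any proxy named in the script, which is worth comparing against what step 1 returned.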

 

[Screenshot: netstat -anb output]

 

Application

Configuration

Most Web Browsers have been coded to be able to work with WPAD.

On the other hand, third-party vendors might not have augmented their applications likewise.

 

Notepad++

Here we configure Notepad++ with our Proxy Server, its IP Address and Port Number, and, later, our Network username and password.

Plugin Manager Settings

[Screenshot: Plugin Manager Settings]

Proxy Credentials:

[Screenshot: Proxy Credential]

 

 

Installation Failure

But, sadly, our installation of our plugin failed.

[Screenshot: Installation Error, “Installation of PowerShell Lexer failed”]

 

 

Why, you ask me?

To determine why our install failed, we have to dig a bit deeper and see if there are log files created by Notepad++.

Notepad++ developers are good ones and you know they are smart.

Here is where Update Log files are and where they are not:

  • C:\Program Files (x86)\Notepad++\plugins = No
  • C:\Users\[username]\AppData\Roaming\Notepad++\plugins\config\plugin_install_temp\plugin1 = Yes

Here is our Proxy Log:

[Screenshot: installFailed log]

 

The identifying error is:

  • Error Code: 407 Proxy Authentication Required. Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209).

 

Conclusion:

  • Yes, I wish we had a WIN
  • But, our corporate security is a bit complex
    • We do not have traditional username/password, but smart badge and accompanying pin
    • Yes, I have Internet access for my regular user tied into the Smart Badge
    • But, it is very unlikely that I have Internet access on my Admin Account

 

Listening

Kenny Chesney & Kid Rock – LuckenBach Texas
https://www.youtube.com/watch?v=TjDmdiE-Bvg

At the end of the song there is an exchange between Kenny & Kid Rock; it reads

How they did it in 80 ….
If you listen to this song, you are listening to something real

Don’t listen to something else
At 4:00 O’Clock in the morning

Thank God, they get to stay up till 4 O’Clock in the morning, doing what they are happy doing.

And, as for me, thank Goodness for Richard Hicks and other MVPs.

I will take the advice of the singers here; as I am unlikely to listen to anyone else.

 
