!!! Overview
[{$pagename}] are [Attacks] where an [Attacker] is able to Force the [browser] or [User-agent] to use a [Malicious] [Proxy Auto-Config] file.

The typical Scenario is a [Public Wi-Fi] (cafe, hotel, airport, …) where the [Attacker] uses:
* [DHCP] spoofing/hijacking, sending out [DHCP] option code for [WPAD] (252)
* [DNS] spoofing/hijacking, responding for /^wpad/  ([WPAD]) queries

[Browser] or [User-agent] then exposes the (https://) [URLs] to the [PAC] function
* FindProxyForURL(url, host)
* This is not an [attack] on [TLS]/[SSL], [TLS]/[SSL] versions/features/configurations __CAN NOT block it__.!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Sniffing HTTPS URLS with malicious PAC files|https://www.contextis.com/blog/leaking-https-urls-20-year-old-vulnerability|target='_blank'] - based on information obtained 2018-05-23-