Overview
Malicious PAC attacks are attacks where an attacker is able to force the browser or user-agent to use a malicious Proxy Auto-Config (PAC) file.
The typical scenario is a public Wi-Fi network (cafe, hotel, airport, …) where the attacker uses:
- DHCP spoofing/hijacking, sending out DHCP option code for WPAD (252)
- DNS spoofing/hijacking, responding for /^wpad/ (WPAD) queries
The browser or user-agent then exposes the (https://) URLs to the PAC function:
- FindProxyForURL(url, host)
- This is not an attack on TLS/SSL; TLS/SSL versions, features, and configurations CANNOT block it.
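
The exposure described above happens before any TLS connection is made, so the fix has to sit in the user agent. The following is an added example, not code from this page or from any browser: it contrasts what `FindProxyForURL(url, host)` receives for an https:// URL as-is with what it receives when the user agent first reduces the URL to its origin. The helper names `sanitizeForPac` and `callPac`, the `strip` switch, and the sample URL are assumptions of this example; origin stripping is a mitigation this page does not itself describe.

```javascript
// Reduce a URL to scheme://host[:port]/ so that path, query, fragment and
// credentials never reach the PAC script. Applied to https:// and wss://,
// the schemes whose full URL TLS would otherwise hide from the network.
function sanitizeForPac(rawUrl) {
  const u = new URL(rawUrl);
  if (u.protocol === "https:" || u.protocol === "wss:") {
    return `${u.protocol}//${u.host}/`;
  }
  // Assumption of this example: other schemes keep path and query,
  // but lose embedded credentials and the fragment.
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Call a PAC function the way a user agent would. `strip` (hypothetical
// switch) selects between the exposed and the hardened behaviour.
function callPac(findProxyForURL, rawUrl, strip) {
  const host = new URL(rawUrl).hostname;
  const url = strip ? sanitizeForPac(rawUrl) : rawUrl;
  return { seenByPac: url, decision: findProxyForURL(url, host) };
}

// Benign stand-in for a PAC file's entry point: always connect directly.
function FindProxyForURL(url, host) {
  return "DIRECT";
}

// Constructed sample URL with a secret in the query string.
const SAMPLE = "https://accounts.example.com/reset?token=CONSTRUCTED-SECRET";

// Returns the string handed to the PAC function in each mode.
function demo() {
  return {
    exposed: callPac(FindProxyForURL, SAMPLE, false).seenByPac,
    hardened: callPac(FindProxyForURL, SAMPLE, true).seenByPac,
  };
}

console.log(demo());
```

In both modes the proxy decision is still made per host, so legitimate PAC files that route on hostname keep working while the path and query stay out of the script's reach.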