In this tutorial, we’ll take a look at how we can hack clients in the local network by using WPAD (Web Proxy Auto-Discovery). The WPAD protocol allows automatic discovery of web proxy configuration and is primarily used in networks where clients are only allowed to communicate to the outside world through a proxy. This is true for most enterprise networks where security is a primary concern.
Usually, the internal networks are configured so that internet traffic from clients is disallowed. This is because such traffic is hard to control. By forcing the users to connect through a proxy, all HTTP traffic can be inspected on application layers for arbitrary attacks, and detected threats can be easily blocked. Since attackers often use HTTPS traffic to circumvent IDS/IPS in such configurations, HTTPS traffic can also be inspected, but that forces the HTTPS sessions to be established from client to proxy and then from proxy to actual HTTPS web server – clients cannot establish an HTTPS session directly to an HTTPS web server.
If we don’t have a web proxy in our internal network and we would like to set it up in order to enhance security, we usually have to set up