How to bypass group policy network proxy settings

Hackered
Saturday, April 5, 2014
by Sean McAlinden

I spend most of my working days building or testing web apps, and with this I regularly have to monitor and analyse HTTP traffic flowing in and out of applications.

In many companies the ability to change network proxy settings is disabled via group policy. This can be a real problem when trying to intercept traffic, as having a running proxy is kind of essential.

Some tools, such as Fiddler, happily bypass this group policy lockdown; others, such as the CAT tool provided by ContextIs, do not. In these cases you will need to bypass group policy yourself.

In this post I'll show you a little bit of code that easily accomplishes this.

CAVEAT

Use this code at your own risk

I will not accept any liability if you get yourself told off/sacked/arrested/deported/exiled.

Get permission from your boss before doing this... i.e. pass the liability up the chain

Let's change some proxy settings then:

We know Fiddler can already do this, so let's use the FiddlerCore library; no point re-inventing the wheel.

Create a new Windows console app project in Visual Studio and add the following code to the Program.cs file.

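    using System;

    class Program
    {
        static void Main()
        {
            // Undo the proxy registration when CTRL+C is pressed.
            Console.CancelKeyPress += ShutdownProxy;

            // Do not fail sessions on upstream server certificate errors.
            Fiddler.CONFIG.IgnoreServerCertErrors = true;

            // Listen on port 8085, register as the system (WinINet) proxy, do not decrypt HTTPS.
            Fiddler.FiddlerApplication.Startup(8085, true, false);
            Console.WriteLine("Created proxy on port 8085 and updated WinINet to use it.");
            Console.WriteLine("Hit CTRL+C to end session.");

            // Block the main thread until the process is ended with CTRL+C.
            var forever = new Object();

            lock (forever)
            {
                System.Threading.Monitor.Wait(forever);
            }
        }

        private static void ShutdownProxy(object sender, ConsoleCancelEventArgs e)
        {
            Console.WriteLine("Shutting down...");
            Fiddler.FiddlerApplication.Shutdown();
            // Give FiddlerCore time to alter the WinINet settings before the process exits.
            System.Threading.Thread.Sleep(1000);
        }
    }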

The above code is hard-coded to port 8085 (the same as the default port in the CAT tool).

You could easily modify this code to accept the required port as an argument if needed.

Hitting CTRL+C will close the app and shut down the proxy.

If you have an issue where shutdown didn't undo the proxy settings (i.e. a crash or some other standard Windows feature), don't panic, just run the tool again and hit CTRL+C until it shuts down properly.
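
A way to check for the leftover-settings case described above, as an added example that is not part of the original post: it reads the current user's WinINet proxy values and flags a proxy that still points at the local port. The class name ProxyCheck is hypothetical, and the code assumes the change is reflected in the per-user ProxyEnable and ProxyServer values under HKCU (not a per-machine proxy policy).

```csharp
using System;
using System.Linq;
using Microsoft.Win32;

// Added example (hypothetical ProxyCheck class): reports whether the current
// user's WinINet proxy still points at a local intercepting proxy.
static class ProxyCheck
{
    // Assumption: per-user WinINet settings; a per-machine policy is not covered.
    const string Key = @"Software\Microsoft\Windows\CurrentVersion\Internet Settings";
    static readonly string[] Loopback = { "127.0.0.1", "localhost", "[::1]" };

    // ProxyServer is either "host:port" or "http=host:port;https=host:port".
    public static bool PointsAtLocalPort(string proxyServer, int port)
    {
        if (string.IsNullOrWhiteSpace(proxyServer)) return false;
        return proxyServer.Split(';')
            .Select(entry => entry.Substring(entry.IndexOf('=') + 1).Trim())
            .Any(hostPort =>
            {
                int colon = hostPort.LastIndexOf(':');
                if (colon < 0) return false;
                string host = hostPort.Substring(0, colon);
                int p;
                return int.TryParse(hostPort.Substring(colon + 1), out p) && p == port
                    && Loopback.Contains(host, StringComparer.OrdinalIgnoreCase);
            });
    }

    static int Main(string[] args)
    {
        // Port 8085 is the one hard-coded in the post; pass another as the first argument.
        int port = args.Length > 0 ? int.Parse(args[0]) : 8085;
        using (RegistryKey k = Registry.CurrentUser.OpenSubKey(Key))
        {
            bool enabled = k != null && Convert.ToInt32(k.GetValue("ProxyEnable", 0)) == 1;
            string server = k == null ? null : k.GetValue("ProxyServer") as string;
            Console.WriteLine("ProxyEnable={0} ProxyServer={1}", enabled, server ?? "(not set)");
            if (enabled && PointsAtLocalPort(server, port))
            {
                Console.WriteLine("WinINet still points at local port {0}; check that the proxy is running.", port);
                return 1;
            }
        }
        Console.WriteLine("No leftover local proxy setting for port {0}.", port);
        return 0;
    }
}
```

A non-zero exit code means the setting is still in place, so the check can be run after a crash or from a logoff script.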

 

The Thread.Sleep(1000) is there to give FiddlerCore time to alter the WinINet settings; feel free to extend it if your machine needs a little more time.

Happy hacking.