Detections
Analytics

Proxy Settings '.pac' File Request Detection

info Nessus Network Monitor Plugin ID 7204

Synopsis

This host has requested proxy settings from a remote web server.

Description

Proxy auto-config files, or PAC files provide the ability to auto configure proxy settings for your browser, including the ability to configure proxy settings on a per URL basis. Recent traffic from this host indicates it has requested a '.pac' file from a remote web server. In the past, malicious software has been known to use these files to perform Man-in-the-Middle attacks against affected systems.

Solution

Ensure this configuration is intended. If not, correct or disable the proxy settings on the remote host.

See Also

https://en.wikipedia.org/wiki/Proxy_auto-config

https://technet.microsoft.com/en-us/library/dd361918.aspx

http://www.nessus.org/u?02a8ece2

http://www.nessus.org/u?fd2efa2f

Plugin Details

Severity: Info

ID: 7204

Version: 1.2

Family: Data Leakage

Published: 6/3/2016

Updated: 8/16/2018