Proxy List

Overview

  • Evidence: Proxy List
  • Description: Collect information about proxy list
  • Category: Network
  • Platform: windows
  • Short Name: prxy
  • Is Parsed: Yes
  • Sent to Investigation Hub: Yes
  • Collect File(s): No

Background

Windows stores HTTP proxy configuration in the registry. Proxy settings control how Windows and Internet Explorer route HTTP/HTTPS traffic through proxy servers.

Proxy configuration can indicate normal corporate policy or malicious proxy settings used for traffic interception or C2 communication.

Data Collected

This collector gathers structured data about the proxy configuration.

Proxy List Data

| Field | Description | Example |
| --- | --- | --- |
| ProxyEnabled | Whether proxy is enabled | FALSE |
| ProxyAddress | Proxy server address and port | proxy.corp.local:8080 |

Collection Method

This evidence is collected as part of the System collector by reading:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings - ProxyEnable value

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings - ProxyServer value

Forensic Value

Proxy configuration reveals network traffic routing and can indicate traffic interception. Investigators use this data to verify legitimate proxy usage, detect malicious proxy configurations, identify traffic interception attempts, correlate with network traffic patterns, and detect C2 proxy usage.
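A triage pass over collected records, as an added example that is not the collector's own code: it parses the ProxyAddress value (a single host:port, or a per-protocol list such as http=...;https=...) and marks entries for review. The allowlist, the "Host" field, the sample records and the loopback heuristic are assumptions made for illustration.

```python
import ipaddress

# Assumption: the proxies this organisation expects (hypothetical allowlist).
EXPECTED_PROXIES = {"proxy.corp.local:8080"}

# Constructed sample records; "Host" is a hypothetical field added for context.
SAMPLE = [
    {"Host": "WS-01", "ProxyEnabled": "FALSE", "ProxyAddress": "proxy.corp.local:8080"},
    {"Host": "WS-02", "ProxyEnabled": "TRUE",
     "ProxyAddress": "http=127.0.0.1:8888;https=127.0.0.1:8888"},
    {"Host": "WS-03", "ProxyEnabled": "TRUE", "ProxyAddress": "203.0.113.7:3128"},
]

def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: "host:port"}.

    The value is either one "host:port" used for all protocols or a
    per-protocol list such as "http=a:80;https=b:443".
    """
    entries = {}
    for part in (p.strip().lower() for p in (value or "").split(";")):
        if not part:
            continue
        scheme, sep, addr = part.partition("=")
        entries[scheme if sep else "all"] = addr.strip() if sep else part
    return entries

def is_loopback(addr):
    """True when the host part of "host:port" points at the local machine."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def triage(record):
    """Return findings for one record; an empty list means nothing to review."""
    state = "enabled" if str(record.get("ProxyEnabled")).upper() in ("TRUE", "1") else "disabled"
    findings = []
    for scheme, addr in parse_proxy_server(record.get("ProxyAddress")).items():
        if is_loopback(addr):
            findings.append(f"{state} {scheme} proxy {addr}: loopback listener")
        elif addr not in EXPECTED_PROXIES:
            findings.append(f"{state} {scheme} proxy {addr}: not on allowlist")
    return findings

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["Host"], triage(rec) or "ok")
```

A loopback entry is a lead rather than a verdict: local debugging proxies and some security agents also listen on 127.0.0.1, so confirm which process owns the port.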
