proxy auto config

• https://en.wikipedia.org/wiki/Proxy_auto-config

A proxy auto-config (PAC) file defines how web browsers and other user agents can automatically choose the appropriate proxy server (access method) for fetching a given URL.

A PAC file contains a JavaScript function FindProxyForURL(url, host). This function returns a string with one or more access method specifications. These specifications cause the user agent to use a particular proxy server or to connect directly.[1]

Multiple specifications provide a fallback when a proxy fails to respond. The browser fetches this PAC file before requesting other URLs. The URL of the PAC file is either configured manually or determined automatically by the Web Proxy Auto-Discovery Protocol.

Modern web browsers implement several levels of automation; users can choose the level that is appropriate to their needs. The following methods are commonly implemented:

• Automatic proxy selection: Specify a host-name and a port number to be used for all URLs. Most browsers allow you to specify a list of domains (such as localhost) that will bypass this proxy.
• Proxy auto-configuration (PAC): Specify the URL for a PAC file with a JavaScript function that determines the appropriate proxy for each URL. This method is more suitable for laptop users who need several different proxy configurations, or complex corporate setups with many different proxies.
• Web Proxy Auto-Discovery Protocol (WPAD): Let the browser guess the location of the PAC file through DHCP and DNS lookups.

The Proxy auto-config file format was originally designed by Netscape in 1996 for the Netscape Navigator 2.0[2] and is a text file that defines at least one JavaScript function.

In 2013, researchers began warning about the security risks of proxy auto-config.[6] The threat involves using a PAC, discovered automatically by the system, to redirect the victim's browser traffic to an attacker-controlled server instead.

Another issue with pac-file is that the typical implementation involve clear text http retrieval, which does not include any security features such as code signing or web certificates. Attackers can perform man-in-the-middle attacks easily.

• https://github.com/anticensority/about-pac-scripts/blob/master/pac-script-api-chrome-55.md (github-ный акк Обход блокировок Рунета для Google Chrome и FireFox, последнее обновление репов в конце 2025 года )
  • https://github.com/anticensority/runet-censorship-bypass
  • https://github.com/anticensority/runet-censorship-bypass/wiki/PAC-%D1%81%D0%BA%D1%80%D0%B8%D0%BF%D1%82-%C2%AB%D0%90%D0%BD%D1%82%D0%B8%D1%86%D0%B5%D0%BD%D0%B7%D0%BE%D1%80%D0%B8%D1%82%D0%B8%C2%BB-%D0%B4%D0%BB%D1%8F-Firefox-%D0%B8-Chrome
• https://github.com/mehdipourfar/pacgen – генератор PAC на python из ямла

Про Chrome

• https://chromium.googlesource.com/chromium/src/+/HEAD/net/docs/proxy.md

firefox

• https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file