De=chiper WPAD script 2

Status
Not open for further replies.

smitee

Technical User
Oct 8, 2001
548
0
0
CA
Hi All

Season's Greetings

I am a bit confused about Web Proxy Auto-Discovery process. But aside from that can anyone tell me in 'layman's' terms what the following script actually performs?
I received it as a download after pasting the HTTP string I found in the registry at SavedLegacySettings.

The contents of wpad.dat

---------------------------------------------------
function FindProxyForURL(url, host)
{
    if (
        shExpMatch(url, " ||
        shExpMatch(url, "news://*") ||
        shExpMatch(url, "snews://*") ||
        shExpMatch(url, "ftp://*@*") ||
        shExpMatch(url, " ||
        shExpMatch(url, " ||
        shExpMatch(url, " ||
        shExpMatch(url, " ||
        shExpMatch(url, "*.shaw.ca/*") ||
        shExpMatch(url, " ||
        shExpMatch(url, " ||
        shExpMatch(url, " ||
        0
    )
    {
        return("DIRECT");
    }

    var hash = 0;
    hash = (host.length % 2);

    if (hash == 0)
    {
        return("PROXY 64.59.144.30:8080; PROXY 64.59.144.31:8080; DIRECT");
    }
    else
    {
        return("PROXY 64.59.144.31:8080; PROXY 64.59.144.30:8080; DIRECT");
    }

}
---------------------------------------------------
I'm sort of curious about the Scotiabank reference. Tool is old 486 running Win95; various browsers but M$ IE 5.5sp2 was installed long ago and rarely used
Opera or OffbyOne..

Thanks for any and all responses :smile:

Versions of this posted at Auhma (no response), Broadband (no response), Lurkhere (1-response, essentially useless)


smitee
 
A quick google threw out a reference to squid (proxy) configuration.

All the urls listed (they're listed in a form of regular expression), including the scotiabank url, are set to connect directly - not using a proxy. Anything else is set to connect via one of the two proxies mentioned.

---
Marcus
better questions get better answers - faq581-3339
accessible web design - zioncore.com
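
The routing described in the reply above can be checked offline by running the script's logic against sample URLs. This is an added example, not code from any poster in the thread: `shExpMatch` is a stand-in for the function a browser supplies to PAC scripts, `DIRECT_PATTERNS` holds only the patterns still legible in the posted script, and `parseRoutes`, `auditPac` and `SAMPLE_URLS` are names and values constructed here.

```javascript
// Stand-in for the browser-provided shExpMatch(): shell-style glob match.
function shExpMatch(str, pattern) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*")                  // * matches any run of characters
    .replace(/\?/g, ".");                  // ? matches one character
  return new RegExp("^" + re + "$").test(str);
}

// Only the patterns still legible in the posted script; the rest are lost.
const DIRECT_PATTERNS = ["news://*", "snews://*", "ftp://*@*", "*.shaw.ca/*"];

function FindProxyForURL(url, host) {
  if (DIRECT_PATTERNS.some((p) => shExpMatch(url, p))) {
    return "DIRECT";
  }
  // Parity of the hostname length decides which proxy is tried first.
  if (host.length % 2 === 0) {
    return "PROXY 64.59.144.30:8080; PROXY 64.59.144.31:8080; DIRECT";
  }
  return "PROXY 64.59.144.31:8080; PROXY 64.59.144.30:8080; DIRECT";
}

// Split a PAC result into the ordered routes a browser would try.
function parseRoutes(result) {
  return result.split(";").map((s) => s.trim()).filter(Boolean);
}

// Evaluate the script for each URL and collect every proxy endpoint it names.
function auditPac(urls) {
  const endpoints = new Set();
  const rows = urls.map((url) => {
    const host = new URL(url).hostname;
    const routes = parseRoutes(FindProxyForURL(url, host));
    for (const r of routes) {
      if (r.startsWith("PROXY ")) endpoints.add(r.slice("PROXY ".length));
    }
    return { url, host, first: routes[0] };
  });
  return { rows, endpoints: [...endpoints].sort() };
}

// Constructed sample URLs, not taken from the thread.
const SAMPLE_URLS = [
  "http://www.shaw.ca/index.html",    // matches *.shaw.ca/*
  "http://example.com/",              // 11-character host (odd)
  "http://mail.example.com/",         // 16-character host (even)
  "ftp://user@files.example.net/pub", // matches ftp://*@*
];
console.table(auditPac(SAMPLE_URLS).rows);
```

The `endpoints` list is the part worth reviewing on an inherited machine: it names every proxy that non-exempt traffic would be handed to.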
 
manarth

Thanks for your timely response. I have spent better part of the week reading Googled articles including the one you provided. Unfortunately, with my limited knowledge the info seems to go over my head..

Are you saying I connect directly with the list and if the request is not one of those I connect thru one of the two PROXIES listed at bottom? Can you tell me who makes up the list. This is an old second hand machine from a monitor store..bought it 6 years ago for $140. The monitor has Novell Networks or Server burned into the CRT. Would it be possible they constructed the wpad.dat?

I feel a bit better about it now. A Merry Christmas to you and yours.



smitee
 
smitee,

Chances are that if it's a second-hand machine with this stuff on, it was part of a corporate network. If you're just wanting to use it for home use, you can probably disable all the proxy stuff, and just use your ISP's settings.

Hope this helps,
Dan



Dan's Page @ Code Couch
 
Hi Dan

Pretty amazing what you and the crew at codecouch do in 20 lines or less.. Kudos to you and the group.

I started to list Network Setup and was going to add registry entries as well. I opened the USER's hive and itemized about ten entries. Then opened SYSTEM hive, put "proxy" in search box and got over 3200 instances...! I repeat 3,200 instances!!!
I use regdat, a nifty .dat reader that I have had for years. I accessed some of the CLSID and Interface keys and see that Trac was running on this machine so I fired off an e-mail message and hopefully they will respond...

I am a bit relieved because I have an active Kernel32.dll in System Folder, not System32 folder where bad guy is supposed to live...I have him throttled with Outpost at the moment but now understand why Trojan/Worm programs find nothing. Checked the kernel32.dll at JOTTI's and many more suspects ..all clean

So obviously, someone has the other end of my box and I now know it's a RAT.. I will pursue these ends over Xmas...Thanks again for suggestion..I cannot believe I did not search Local Machine hive before...:embarrassed:

All the Best...

smitee
 