The Web Proxy Auto-Discovery Protocol (WPAD) is a method for a browser to automatically discover the proxy configuration file, without any browser configuration, using settings in DNS or DHCP. For more information about this method, refer to the following Internet Engineering Task Force (IETF) draft:
As mentioned above, WPAD will query DHCP and DNS (in that order) to obtain a URL to connect to - apparently LLMNR and Netbios can also be used if no response from DNS is available. Some peculiarities of WPAD-over-DNS enable surprising attack vectors. Attack scenario: Local network via DHCP. DHCP Relay problems - Cisco Community Within the network I administer I use DNS to dish out the wpad script to enable internet access. Recently a couple of new proxy servers were installed and in a attempt to not bloat the original script any further I decided create a new script to issue the wpad config to hosts through the DHCP server using option 252. (Nearly) All You Need to Know About Proxy May 17, 2008 Web Proxy Auto Discovery – text/plain
Browsers search for PAC file in different ways (DHCP or DNS) but DNS method should be the one widely supported. In this article we will describe the WPAD deployment (DNS method) Prerequisites. Proxy set in non-transparent for the zone you want to apply proxy.pac settings to.
Full client support for DHCP is not as ubiquitous as for DNS. That is, not all clients are equipped to take advantage of DHCP for their essential network configuration (assignment of IP address, network mask, etc). APIs for DHCP are not as widely available. Luckily, using DHCP for WPAD does not require either of … MS16-077: Security update for WPAD: June 14, 2016
Feb 11, 2014
Nov 04, 2011 · WPAD using DHCP . A DHCP server must be configured to serve an additional setting in an IP address assignment; option 252. This option specifies the exact location of the PAC file. The file name does not need to follow any specific naming convention, however if WPAD DNS is to be used also, the file must have the file name wpad.dat. Jul 28, 2016 · When WPAD is enabled inside a local network, all clients with WPAD enabled will automagically get the right proxy settings. There is no need to set the URL for the PAC file in each new client. For big organizations this is a win. Setting up WPAD in DHCP and DNS servers is usually a matter of editing one or two lines in config files.