Proxy List
Overview
Evidence: Proxy List
Description: Collect information about proxy list
Category: Network
Platform: windows
Short Name: prxy
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Windows stores HTTP proxy configuration in the registry. Proxy settings control how Windows and Internet Explorer route HTTP/HTTPS traffic through proxy servers.
Proxy configuration can indicate normal corporate policy or malicious proxy settings used for traffic interception or C2 communication.
Data Collected
This collector gathers structured data about the proxy list.
Proxy List Data
| Field | Description | Example |
|---|---|---|
| ProxyEnabled | Whether proxy is enabled | FALSE |
| ProxyAddress | Proxy server address and port | proxy.corp.local:8080 |
Collection Method
This evidence is collected as part of the System collector by reading:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings - ProxyEnable value
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings - ProxyServer value
Forensic Value
Proxy configuration reveals network traffic routing and can indicate traffic interception. Investigators use this data to verify legitimate proxy usage, detect malicious proxy configurations, identify traffic interception attempts, correlate with network traffic patterns, and detect C2 proxy usage.
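The following is an added example, not part of the original page or the product's own code: a Python triage pass over collected Proxy List rows that parses ProxyAddress in both the single `host:port` form and the per-protocol `http=...;https=...` form, then flags loopback or unapproved proxies. The allowlist, the sample rows, and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: proxies sanctioned by corporate policy (constructed value).
APPROVED = {"proxy.corp.local:8080"}

# Constructed sample rows using the ProxyEnabled / ProxyAddress fields above.
SAMPLE = [
    {"ProxyEnabled": "FALSE", "ProxyAddress": "proxy.corp.local:8080"},
    {"ProxyEnabled": "TRUE", "ProxyAddress": "http=127.0.0.1:8888;https=127.0.0.1:8888"},
    {"ProxyEnabled": "TRUE", "ProxyAddress": "203.0.113.7:3128"},
]

def parse_proxy_address(value):
    """Split a ProxyServer string into {protocol: 'host:port'}."""
    entries = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, endpoint = part.partition("=")
        if not sep:  # no '=': one proxy applies to every protocol
            proto, endpoint = "all", part
        # Drop an optional scheme prefix such as 'http://' and a trailing slash.
        endpoint = endpoint.split("://", 1)[-1].rstrip("/")
        entries[proto.lower()] = endpoint.lower()
    return entries

def is_loopback(endpoint):
    """True when the proxy host is localhost or a loopback IP address."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False

def triage(record, approved=APPROVED):
    """Return review findings for one collected Proxy List row."""
    enabled = str(record.get("ProxyEnabled", "")).upper() == "TRUE"
    state = "active" if enabled else "configured but disabled"
    findings = []
    for proto, endpoint in parse_proxy_address(record.get("ProxyAddress") or "").items():
        if is_loopback(endpoint):  # traffic is routed through a local process
            findings.append(f"{proto}: loopback proxy {endpoint} ({state})")
        elif endpoint not in approved:
            findings.append(f"{proto}: unapproved proxy {endpoint} ({state})")
    return findings

if __name__ == "__main__":
    for row in SAMPLE:
        print(row["ProxyAddress"], "->", triage(row) or "ok")
```

A finding marks a row for review and correlation with network traffic; a disabled entry is still reported because the address remains configured in the registry.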