Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Tue, 12 Aug 2025 20:13:42 -0000 (UTC), Marion wrote :

Meanwhile, I've been testing the VPN extensions which passed the initial tests, where my fungible test-rating system puts them in this order:
browsec
1clickvpn
1vpn
vpnly
xvpn
securefreeedgevpn
setupvpn

Bearing in mind these all failed the most basic initial VPN tests.
hotspotshieldvpn
itopvpn
protonvpn
urbanvpn
hidemevpn
hiddenbatvpn
tunnelbearvpn
windscribevpn

UPDATE:

I ditched the VPN extensions in order to test a SOCKS5 proxy tunnel.
browsec ==> the best, but it slows down drastically in a week
1clickvpn ==> seems to slow down drastically in just days
1vpn ==> seems to slow down drastically in just days
vpnly ==> seems to slow down drastically in just days
xvpn ==> seems to slow down drastically in just days
securefreeedgevpn ==> seems to slow down drastically in just days
setupvpn ==> seems to slow down drastically in just days
hoxx ==> seems to slow down drastically in just days

hotspotshieldvpn ==> fails the initial VPN extension test conditions
itopvpn ==> fails the initial VPN extension test conditions
protonvpn ==> fails the initial VPN extension test conditions
urbanvpn ==> fails the initial VPN extension test conditions
hidemevpn ==> fails the initial VPN extension test conditions
hiddenbatvpn ==> fails the initial VPN extension test conditions
tunnelbearvpn ==> fails the initial VPN extension test conditions
windscribevpnv ==> fails the initial VPN extension test conditions

Bad news. Very bad news. All the VPN extensions slow down tremendously, it seems, within a few days of using them. So I tried something else that is
free, login free and hopefully, much faster than VPN extensions are.
a. Psiphon (Socks5 proxy)
b. Freecap (Socks5 redirector)
c. Brave browser (with a score of privacy extensions)

A. Psiphon is not a traditional VPN but rather a circumvention tool that
uses a mix of VPN, SSH, and HTTP proxy technologies to bypass censorship.

B. Freecap (or Proxifier) is used to route app traffic (such as that of a browser) through a SOCKS5 proxy to achieve selective traffic tunneling.

C. Brave + Privacy Extensions for fingerprinting and tracking protection.

I also uninstalled NoScript as it was a royal pita to manage.
I also removed the non-privacy extension disablehtml5autoplay.

Here's what I'm currently testing (where IP obfuscation & speed are key).
Psiphon + Freecap + Brave privacy browser + privacy extensions

https://psiphon.ca/
Name: psiphon3.exe
Size: 10402576 bytes (10158 KiB)
SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2

https://freecap.apponic.com/download/
Name: freecap_setup_eng.exe
Size: 1644848 bytes (1606 KiB)
SHA256: C3D4929AB5A5867A6BE9914FF94DEFEFED6762748EDB1E351C86EBC5A02D46EC

Here are the current set of privacy extensions (many for fingerprinting):
brave://system/ > extensions > Expand
bhchdcejhohfmigjafbampogmaanbfkg : User-Agent Switcher and Manager
cjpalhdlnbpafiamejdnhcphjbkeiagm : uBlock Origin
fhcgjolkccmbidfldomjliifgaodjagh : Cookie AutoDelete
fhkphphbadjkepgfljndicmgdlndmoke : Font Fingerprint Defender
fjkmabmdepjfammlpliljpnbhleegehm : WebRTC Control
gjldcdngmdknpinoemndlidpcabkggco : Extension Manager
hhnhplojcganfmfimkeboiipphklcbih : Location Guard (V3)
hnkcfpcejkafcihlgbojoidoihckciin : Referer Control
jaoafjdoijdconemdmodhbfpianehlon : Skip Redirect
jjbikklopibeimjelkohlldbjcdnofei : StayInTab
lckanjgmijmafbedllaakclkaicjfmnk : ClearURLs
ldpochfccmkkmhdbclfhpagapcfdljkj : Decentraleyes
njdfdhgcmkocbgbhcioffdbicglldapd : LocalCDN
njkmjblmcfiobddjgebnoeldkjcplfjb : Trace - Online Tracking Protection
nomnklagbgmgghhjidfhnoelnjfndfpd : Canvas Blocker - Fingerprint Protect
pkehgijcmpdhfbdbbnkijodmdjhbjlgp : Privacy Badger
pmcpffnpjncfplinfnjebjoonbncnjfl : CthulhuJs (Anti-Fingerprint)

And this is what I'm currently testing in the DIY browser where SPEED
(and IP obfuscation) turn out to be the hardest things to get this way.

How to add Socks5 to your Windows 10 browser sessions:
1. Start Psiphon & make a note of the SocksV5 port in the log output
2. Start Freecap & add the Socks5 port for Brave into the settings
3. Add Brave (or any browser) into the Freecap settings
4. In Freecap, add any command-line performance flags for the application:
--disable-background-timer-throttling
--disable-backgrounding-occluded-windows
--disable-renderer-backgrounding

Voila!

This setup routes only selected web browser traffic via FreeCap through Psiphon, offering selective IP obfuscation & hopefully maintaining speed.

If this works, we can ditch the problematic VPN extensions, all of which
seem to either fail the initial tests or severely slow down in just days.

I just started testing it, but I post this so that others who actually
know what they're doing can add value to how they do Socks5 tunneling!

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Mon, 18 Aug 2025 00:20:15 -0000 (UTC), Marion wrote :

How to add Socks5 to your Windows 10 browser sessions:
1. Start Psiphon & make a note of the SocksV5 port in the log output
2. Start Freecap & add the Socks5 port for Brave into the settings
3. Add Brave (or any browser) into the Freecap settings
4. In Freecap, add any command-line performance flags for the application

OMG. Everything I touch in Windows has needlessly unnecessary complexity.

I should note that you'd think we could just set the proxy inside the
browser, and, well, um, er, we can, in some browsers. Like in Firefox.

However, Brave doesn't have native proxy settings inside of it.
Neither does Ungoogled Chromium. Bummer.

For the three browsers, things have to be done different ways:
a. Firefox has its own manual proxy settings native to the browser
b. Ungoogled Chromium can use Windows command-line proxy settings
c. But Brave has to use Windows proxy settings (or FreeCap to proxify it)

Psiphon dynamically assigns proxy ports for each session, for example...
SOCKS5: 127.0.0.1:1080 (the port changes each instance)
HTTP/HTTPS: 127.0.0.1:8080 (the port changes each instance)

Once you have those ports, here's the manual Firefox setup:
Firefox:Settings > General > Network Settings > [Settings]
Configure Proxy Access to the Internet > Manual proxy configuration
SOCKS Host = 127.0.0.1
Port = 1080
(o) SOCKS v5
[x] Proxy DNS when using SOCKS v5
Note: Firefox can also make use of the FoxyProxy Extension.
Firefox handles DNS via SOCKS5 if the box is checked,
but other apps may leak DNS unless proxified.

Ungoogled Chromium can be launched directly using those proxy flags.

ungoogled-chromium --proxy-server="socks5://127.0.0.1:1080" ungoogled-chromium --proxy-server="http=127.0.0.1:8080"

Brave is easiest to set up with a proxifier such as FreeCap.
Freecap3.18:File > Settings > Default proxy > Proxy settings
Default proxy > Server = 127.0.0.1 Port: = 1080
Protocol (o) Socks v5
This sets Psiphon'[s SOCKS5 proxy for apps launched through FreeCap.

Or we can set up Windows globally to use Psiphon's SOCKS5 proxy.
But Windows 10 does not natively support SOCKS5 in its GUI proxy settings. Windows 10 only supports HTTP/HTTPS proxies directly. Aurgh.

Here's one way to set up SOCKS5 proxy globally in Windows 10.
Win+R > control
Internet Options
Click the "Connections" tab on that "Internet Properties" dialog
Click the "LAN Settings" button near the bottom of that display
This brings up the "Local Area Network (LAN) Settings" form
[x] Use a proxy server for your LAN
Click the [Advanced] button in that LAN Settings form
Uncheck [_]Use the same proxy for all protocols
Socks = 127.0.0.1 Port = 1080
[OK][OK][OK]

In summary, once you have the SOCKS5 proxy ports defined, you can set up
your web browser to use it, but each browser does it differently.

Sigh.

And if you think that's confusing, guess what else is confusing?

The Windows 10 LAN Settings method let you enter SOCKS5, but Windows
doesn't actually honor SOCKS5 in that dialog.

Windows 10 only applies HTTP/HTTPS proxies.

So while you can enter the SOCKS5 values into that Windows 10 dialog,
Windows 10 won't use the values for most apps unless those apps explicitly support SOCKS5 via system proxy (which is rare - but which is what Brave
does).

Oh, and if you think Windows 11 is "better", guess again!
You cannot select SOCKS5 in the Windows 11 built-in proxy GUI.

Even if you enter a SOCKS5 address in the Windows 11 Manual proxy setup, Windows 11 will treat it as an HTTP proxy and fail to route traffic
properly. OMG.

Did I mention everything I touch in Windows is unnecessarily complex?

Here's the summary (and yes, I'm still confused, but I think it's right).
Windows 10 GUI limitations:
You can enter SOCKS5, but Windows doesn't honor it
Only HTTP/HTTPS proxies are applied system-wide
Windows 11:
No SOCKS5 support
SOCKS5 entries are treated as HTTP proxies and fail

That's why you essentially need a proxifier, such as FreeCap is.
(Or Proxifier, WideCap, SocksEscort, ProxyCap, etc.)

So now we're back to Brave, which natively supports a system proxy, but
Windows doesn't support SOCKS5 system-wide, so Brave actually can't use
SOCKS5 unless proxified (which is where FreeCap came into play).

Sigh. Why is privacy so hard to achieve. :)

I'm just beginning to learn this stuff, so if anyone out there is familiar
with using SOCKS5 for IP-address obfuscation, please add your value.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Mon, 18 Aug 2025 16:42:08 -0000 (UTC), Marion wrote :

However, Brave doesn't have native proxy settings inside of it.

I decided to test the latest Brave version which turned out not to be as
easily figured out how to get the offline installer as you'd think.

A. If you go to the Brave download page, all you get is a web stub.
<https://brave.com/>
<https://brave.com/download/>
But then that's useless for your software archives.
Especially if you're uninstalling & installing repeatedly as I am.

B. You can get the latest stable release from "someone's" archives, e.g.,
<https://techviral.net/download-brave-browser/>
But then you are trusting that they're reputable.
They probably are - and you can check hashes - but there's a better way.

C. You would think you could get the latest release from GitHub, right?
<https://github.com/brave/brave-browser/releases>
a. Find the latest stable version
b. Expand the Assets section
c. Download BraveBrowserStandaloneSetup.exe for Windows
But there are a billion releases there, which are confusing to navigate.

D. A "trick" is to go to this GitHub repo Brave Release Tracker site:
<https://github.com/release-monitoring-project/brave-release-tracker>
This project automatically monitors Brave's official releases
and posts only the latest stable builds for Windows, macOS & Linux.

It updates hourly and includes direct download links to the
offline installers, but even then, you have to know how to find it.
a. Go to the Releases section of that tracker repo
b. Click the latest release (e.g., v1.81.135)
<https://github.com/release-monitoring-project/brave-release-tracker/releases>
c. That takes you to a page with a text json file
<https://github.com/release-monitoring-project/brave-release-tracker/releases/download/v1.81.135/brave_download_links.json>
Open that json file in a text editor & it tells you where the zip is.

With that in mind, here's how to get the latest stable Brave zip archive.
1. Go to the Brave Release Tracker:
<https://github.com/release-monitoring-project/brave-release-tracker/releases>
2. Click the latest stable release (e.g., v1.81.135)
3. Save and then open the text file in any text editor.
brave_download_links.json
4. Find the Windows 64-bit offline installer link listed in that file:
<https://github.com/brave/brave-browser/releases/download/v1.81.135/brave-v1.81.135-win32-x64.zip>
5. Download the specified ZIP file.
6. Extract the contents (e.g., C:\Software\Chrome-Based\Brave\.)
7. Run the executable or installer executable inside that zip file.
8. (Optional) Verify the file integrity using the SHA-256 checksum:
<https://github.com/brave/brave-browser/releases/download/v1.81.135/brave-v1.81.135-win32-x64.zip.sha256>

Note that this is useful when you're constantly testing software.
Especially when you need to start fresh with the latest release.
And yet you want to be able to archive the release you tested.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

ANOTHER USEFUL UPDATE

Doubling up the protection (like adding layers to an onion)!

I was checking tracert test outputs when something strange revealed itself.
I had forgotten to turn off the randomized system-wide VPN connections.

It only then occurred to me that I could layer a system-wide VPN over the SOCKS5 proxy for apps (for an added layer of obfuscating protection).

Here's the fundamental process:
A. Start any free no-registration system-wide VPN.
B. Start the FOSS Psiphon tools to connect to a SOCKS5 proxifier port.
C. Set up apps to use that port using FreeCap settings set to that port.

Now, when you run apps in Windows such as torrents or web browsers...
1. Your ISP sees only your activity on the system-wide VPN IP address
2. Your VPN server only sees your real IP address & the Psiphon IP address
3. Psiphon only sees your VPN IP address & the ultimate server IP address
4. The ultimate server only sees the Psiphon IP address
5. Your web fingerprint is protected by your privacy protecting extensions

All this is done using a score of registration-free ad-free privacy tools.
a. Free no-registration public VPN servers
b. Free no-registration Psiphon SOCKS5 servers
c. Free no-registration FreeCap app proxifier
d. Free no-registration browser privacy extensions
1. allfingerprintdefender
2. canvasblocker
3. clearurls
4. cookieautodelete
5. cthulhujs
6. decentraleyes
7. fontfingerprintdefender
8. localcdn
9. locationguard
10. privacybadger
11. privacypossum
12. referercontrol
13. skipredirect
14. stayintab
15. trace
16. ublockorigin
17. useragentswitcher
18. webrtccontrol

Remember the golden privacy rule is never register for anything on the net.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Tue, 19 Aug 2025 11:00:40 -0000 (UTC), Marion wrote :

Here's the fundamental process:
A. Start any free no-registration system-wide VPN.
B. Start the FOSS Psiphon tools to connect to a SOCKS5 proxifier port.
C. Set up apps to use that port using FreeCap settings set to that port.

If it takes two button clicks, that's one too many, and if a click exposes your privacy, then we have to think about how to protect our privacy.

To both those ends, I improved the process this morning of running a
free no-registration system-wide random VPN first, and then running
Psiphon with a static SOCKS5 port of 1080 so that when I run the
privacy web browser from FreeCap, I now don't need to set the SOCKS5
port each time.

One "privacy" problem, albeit minor, with Psiphon, is that it brings
up an advertisement on your default web browser during startup.

Drat. That sucks. It's not harmful, but it exposes your privacy.
Needlessly.

So let's fix that pronto using basic Windows tricks of setting
the default web browser to a batch file that does whatever I want.

Besides, even with a random system-wide no-registration free VPN running,
it's still bad form for Psiphon to be bringing up a default browser to
an advertisement which can, for all we know, rot privacy in some way.

That browser session unilaterally launched by Psiphon isn't yet proxified.
As I said many times, privacy is like hygiene. It's a billion things.

Removing that initial privacy flaw at Psiphon startup needed to be done.

Unfortunately, the free Psiphon doesn't have switches to turn that off.

psiphon3.exe -mode=socks <== this doesn't exist... bummer

We might like to set up the Tor browser as the default because it can
open up unconnected, but it's problematic to set a Tor browser as
the default (since Tor doesn't register itself as a Windows browser).

So let's just create a dummy web browser for Psiphon to invoke.
@echo off
REM C:\path\to\dummybrowser.bat 20250819 revision 1.0
set LOGFILE=C:\path\to\dummybrowser.log
echo [%date% %time%] Attempted launch: %* >> %LOGFILE%
start "" "C:\path\to\gvim.exe" "%LOGFILE%"
exit

Since Windows won't set the default web browser to a batch
file, let's convert that dummybrowser.bat to dummybrowser.exe
using any of a number of batch-to-executable converters.

<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases/download/3.2/Bat_To_Exe_Converter_x64.exe>
1. Open that "Bat To Exe Converter v3.2" executable.
2. Select your .bat file using the folder icon.
3. At the right, in Options, there is "Exe-Format" with these choices
32-bit | Console (Visible)
32-bit | Windows (Invisible)
64-bit | Console (Visible)
64-bit | Windows (Invisible) <== Use this to compile a batch file
as a 64-bit GUI-style exe that runs silently with no console window.
4. Click the "Convert" button to convert batch to exe.
5. Choose your output path in the "Save as" field.
(Optional) Add an icon or version info.

But you still can't select the dummy browser yet as it's not registered.
Win+I > Apps > Default apps > Web browser >
Choose default apps by file type
Choose default apps by protocol
Set defaults by app
Recommended browser settings

You first need to register your exe as a web browser in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet

To do that, right-click "merge" this registry file:

gvim C:\path\to\register_dummy_browser.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser]
@="Dummy Browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities]
"ApplicationName"="Dummy Browser"
"ApplicationDescription"="A privacy-preserving dummy browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\FileAssociations]
".htm"="DummyBrowserHTML"
".html"="DummyBrowserHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\URLAssociations]
"http"="DummyBrowserHTML"
"https"="DummyBrowserHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command]
@="\"C:\\path\\to\\dummybrowser.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Dummy Browser"="Software\\Clients\\StartMenuInternet\\DummyBrowser\\Capabilities"

Now you can select the dummy browser as your default web browser.
Win+I > Apps > Default apps > Web browser > dummybrowser.exe

Voila!

Now, when you start Psiphon, it tries to launch the advertisement
using the default browser, which happens to simply log the attempt.

As always, privacy, like hygiene, is a billion things done every day.

If you have improvements to share, please let the team know so
we all benefit from every effort at improving privacy on Windows.

In summary, two improvements were made in today's progress:

1. Psiphon & FreeCap were set to a static SOCKS5 port of 1080
2. Psiphon's advertisement web browser session was annulled

Please improve if you also need privacy in web browser sessions.


--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Tue, 19 Aug 2025 15:17:17 -0000 (UTC), Marion wrote :

To both those ends, I improved the process this morning of running a
free no-registration system-wide random VPN first, and then running
Psiphon with a static SOCKS5 port of 1080 so that when I run the
privacy web browser from FreeCap, I now don't need to set the SOCKS5
port each time.

UPDATE:

Since we're layering free no-registration VPNs onto open source proxies
onto free no-registration proxifiers onto free no-registration privacy extensions, it behooves us to be able to check proxy settings dynamically.

I never messed with proxies before, but darn'it, Windows splatters proxy settings all over the place, such that I needed a quick testing script.

Below is a script which simplifies visibility and control over what turns
out to be a devilishly fragmented system of how Windows defines proxies.
a. WinINET: Used by Internet Explorer, Chrome, and many apps;
b. WinHTTP: Used by system services and background tasks;
c. PAC/AutoDetect: Dynamic proxy configuration via commands.

Unfortunately, I've run into this proxy setup complexity due to using
A. VPN, which encrypts traffic and changes routing;
B. Psiphon, which tunnels & encrypts SOCKS5 & HTTPS traffic;
C. FreeCap, which redirects app traffic through SOCKS proxies.

The proxy.bat script included below checks all three methods at once
which gives us a clear snapshot of what the Windows proxy setup is.

To that end, we add a new command to run in your Win+R taskbar Runbox:
Win+R/Runbox > proxy
Which executes this added registry "App Paths" key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
Which runs this proxy checking tool (see the tool below in its entirety):
C:\sys\bat\proxy.bat

===< cut here for proxy.bat >===
@echo off
REM proxy.bat 20250820 v1.0 ­X Unified Windows check-proxy diagnostic tool
REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM 20250820 rev 1.0
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
REM Default=C:\sys\bat\proxy.bat ==> creates "Win+R > proxy" command
setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

echo ==============================================
echo WINDOWS PROXY CONFIGURATION CHECK
echo ==============================================

REM --- WinINET (manual proxy) ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo.
echo [2] WinHTTP proxy (system/background services)
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Check complete.
echo ==============================================

endlocal
pause
===< cut here for proxy.bat >===

As always, this is posted to help others copy & paste
(where wasbit's kind and helpful advice is appreciated)
this script as part of their addition of privacy to Windows.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Wed, 20 Aug 2025 18:27:08 -0000 (UTC), Marion wrote :

I never messed with proxies before, but darn'it, Windows splatters proxy settings all over the place, such that I needed a quick testing script.

UPDATE

Turns out I didn't need to use FreeCap to proxify Chromium web browsers.

Mozilla'based browsers (Firefox, Thunderbird, etc.) have their own internal proxy settings and, by default, ignore the Windows proxy unless you
explicitly tell them to use it.

Unlike Mozilla-based browsers which have those proxy GUIs, Chromium-based browsers do not have built-in proxy configuration GUIs.

So I thought I needed to proxify Chromium-based web browsers with FreeCap.
But I was wrong.

Turns out it's the other way around.

Chromium-based browsers apparently directly inherit proxy settings from the operating system, including:
a. From WinINET (used by most desktop apps)
b. Or from PAC scripts and AutoDetect
c. Or from manual proxy entries like that which Psiphon3 sets.
Win+I > Settings > Network & Internet > Proxy > Manual proxy settings
[http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080]

Also Chromium-based browsers can also be proxified at the command line:

brave.exe --proxy-server="http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080"

So I don't think we need FreeCap to proxify our DIY Chromium-based privacy browsers but we can still use FreeCap to proxify the Mozilla browsers.

However, we could also configure Firefox's own proxy settings (Preferences

Network Settings) to point directly to Psiphon's SOCKS5 port, skipping

FreeCap entirely. If we want this to persist across profiles or installs, LibreWolf even lets us set it in a librewolf.overrides.cfg file.

Mullvad's own help docs describe doing this for their own SOCKS5 proxy, but
the steps are identical for Psiphon's proxy ports.

FreeCap is still useful for apps that don't have built-in proxy support,
but apparently all web browsers have it - they just do it differently.

Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
Mozilla ==> ignores Windows proxy settings (but has their own settings)

Who knew? Not me. The more I try to build a DIY privacy browser, the more I learn how different the two main web browser platforms are from each other.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Thu, 21 Aug 2025 04:11:10 -0000 (UTC), Marion wrote :

Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
Mozilla ==> ignores Windows proxy settings (but has their own settings)

UPDATE:

Aurgh. There are layers to this Windows socks5 stuff such that some apps
use one layer while other apps use a different layer. Who knew? Not me!

Everything in Windows having to do with privacy seems to have more layers.

I started checking whether non-browser apps used Windows proxy settings,
where it turns out pgms like Telegram & CoPilot are different than
browsers are (which themselves are different in how each handle proxy).

Running the previously posted "proxy.bat" showed that Psiphon modified the WinINET (user apps, browsers) proxy (127.0.0.1:17561 / socks at 127.0.0.1:1080) but not the WinHTTP (system/background services) proxy.

Sigh. Half a solution is not a full solution.
In fact, even with Psiphon, WinHTTP was was set to direct access (no proxy).

The fix is to always copy the WinINET proxy config into WinHTTP.
Win+R > cmd {ctrl+shift+enter}

netsh winhttp import proxy source=ie

Now system services (which often ignore WinINET) will use
Psiphon's proxy as well. It also set a bypass list so that
local/private subnets avoid the proxy.

This is needed so that any Windows component that uses WinHTTP (like parts
of Copilot, Windows Update, some Microsoft Store traffic) will respect the Psiphon proxy, matching the existing Psiphon browser/app proxy settings.

To test:
a. Temporarily clear WinHTTP proxy:
C:\> netsh winhttp reset proxy

b. Run Win+R > proxy
The proxy.bat script should detect 'No WinHTTP proxy set'
and it should then import settings from WinINET automatically.
c. Set a custom WinHTTP proxy:
C:\> netsh winhttp set proxy proxy-server="http=1.2.3.4:8080"

d. Run Win+R > proxy
The proxy.bat script should detect an existing WinHTTP proxy
and therefore it should NOT overwrite it.

Below is the improved proxy.bat script to accomplish the sync above.

===< cut here for improved proxy.bat which handles more programs >===
@echo off
REM proxy.bat 20250820 v1.2
REM Use model: "Win+R > proxy" (diagnostic + proxy import if WinHTTP is unset)
REM Unified Windows proxy diagnostic tool with WinHTTP sync safeguard
REM "Win+R > proxy /sync imports WinINET proxy directly into WinHTTP
REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
REM Default=C:\sys\batch\proxy.bat
REM That App Paths key creates the convenient "Win+R > proxy" command
REM
setlocal

:: --- Quick /sync mode ---
if /i "%~1"=="/sync" (
echo Syncing WinINET proxy into WinHTTP...
netsh winhttp import proxy source=ie
echo Done.
pause
exit /b
)

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

echo ==============================================
echo WINDOWS PROXY CONFIGURATION SET/CHECK/FIX
echo ==============================================

REM --- WinINET (manual proxy) ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo.
echo [2] WinHTTP proxy (system/background services)

REM Get current WinHTTP proxy setting
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr /R /C:"Proxy Server(s)"') do set curWinHTTP=%%B

REM Trim leading/trailing spaces
set curWinHTTP=%curWinHTTP:~1%

if "%curWinHTTP%"=="" (
echo No WinHTTP proxy set - importing from WinINET...
netsh winhttp import proxy source=ie >nul 2>&1
) else (
echo WinHTTP proxy already set - leaving as is.
)

REM Show current WinHTTP proxy after check/import
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Windows proxy set/check/fix complete.
echo ==============================================

endlocal
pause

===< cut here for improved proxy.bat which handles more programs >===

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Thu, 21 Aug 2025 04:11:10 -0000 (UTC), Marion wrote :

Turns out I didn't need to use FreeCap to proxify Chromium web browsers.

UPDATE ON FREE REGISTRATION-FREE AD-FREE PROXIFIERS:

Some programs need proxifiers (like FreeCap, which I used for a week).
a. Mozilla browsers have their own proxy controls
b. Chromium browsers use the Windows proxy defaults
c. But many programs use neither

For those programs which need proxifiers, I found a better proxifier.
A. FreeeCap
B. SocksCap64

FreeCap is lightweight and still works for basic SOCKS4/5 or HTTP proxying,
but it's frozen in time while SocksCap64 has been updated more recently.
<https://sourceforge.net/projects/sockscap64/>
Actively maintained (though updates are infrequent)
SOCKS4, SOCKS5, HTTP, and Shadowsocks; supports both TCP & UDP
"SocksCap64 is an easy and a beautiful way to let the programs
you want to work through a specific SOCKS proxy server,
even if your applications don't have such an option."

SocksCap64 is the more modern, feature-rich choice, with broader protocol support, UDP handling, and better compatibility with current Windows.
<https://netactuate.dl.sourceforge.net/project/sockscap64/SocksCap64-setup-3.6.exe>
Name: SocksCap64-setup-3.6.exe
Size: 6193115 bytes (6047 KiB)
SHA256: B2DA49EC9A2702CFD7625D3F152AF98A4C8E3E155DAB78686962BB3DF1F76825

Having only used proxies for a short time, my current advice is:
1. For Chromium browsers, use the script I wrote to sync to Windows
2. For Mozilla browsers, use their own GUIs (or FoxyProxy's GUI)
3. For most other apps, use a proxifier such as SocksCap64/FreeCap are

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Sun, 24 Aug 2025 09:48:33 +0100, Jim the Geordie wrote :

On 24/8/2025 2:28 am, D wrote:

best browser extension ever invented by man . . .

Firefox 142.0
Tools > Extensions and Themes [Ctrl+Shift+A]

Switched to it from Adblock for many years... couldn't quite remember
why. Something to do with Firefox changing its add-on mechanism.

Adblock started allowing certain ads through:

"Starting with version 2.0, Adblock Plus started allowing "acceptable
ads" by default,[72] with acceptable ad standards being set by The
Acceptable Ads Committee.[73] They charge large institutions fees to
become whitelisted and marked as "acceptable", stating "[Adblock Plus]
only charge large entities a license fee so that we can offer the same
whitelisting services to everyone and maintain our resources to develop
the best software for our users." on their about page.[74]"

From https://en.wikipedia.org/wiki/Adblock_Plus

uBlock Origin doesn't play that game.

If you use Brave Browser, no adblocking add-on is needed.

My two cents... bearing in mind I never used extensions until early July
when Epic Privacy Browser went bust... I'm building two sets of DIY privacy browsers where I've settled (currently) on almost a score of extensions
(not counting VPN extensions) which are the following currently for the Chromium side of the family (given it was easier than the Mozilla side).

Browser: Brave and/or Ungoogled Chromium (LibreFox and/or MullVad)
1. Canvas Blocker - Fingerprint Protect : version 0_2_2
2. ClearURLs : version 1_26_0
3. Cookie AutoDelete : version 3_8_2
4. CthulhuJs (Anti-Fingerprint) : version 8_0_6
5. Decentraleyes : version 3_0_0
6. Extension Manager : version 9_5_2
7. Font Fingerprint Defender : version 0_1_6
8. LocalCDN : version 2_6_79
9. Location Guard (V3) : version 3_0_0
10. Privacy Badger : version 2025_5_30
11. Referer Control : version 1_35
12. Skip Redirect : version 2_3_6
13. StayInTab : version 1_0
14. Trace - Online Tracking Protection : version 3_0_6
15. uBlock Origin : version 1_65_0
16. User-Agent Switcher and Manager : version 0_6_4
17. WebRTC Control : version 0_3_3
18. NoScript is useful, but I find it a PITA so it's disabled for now.

The question came up from Mr. Man-wai Chang about Adblock Plus.

While there will always be overlap when you have a score of extensions,
a. uBlock Origin is more efficient (apparently)
b. It's said to be more powerful in supporting advanced rule creation
c. It's said to support dynamic & cosmetic filtering
c. Critically, it doesn't have an "acceptable ads" program
d. And it's often considered more actively maintained

Since there is a large amount of overlap, I left AdBlock Plus out of the
mix of privacy extensions that I'm testing for the DIY privacy browser(s).

But I could be wrong as I must state openly I never touched extensions
until being forced to give up on my daily driver privacy browser in July.

Side Note: The VPN extension test covering a score of supposedly free, ad
free, registration free VPN extensions is still a work in progress
covering, so far, the following successful & failed VPN extensions:

These passed initial testing criteria (free, account free, ad free):
1. browsec
2. hoxx
3. securefreeedgevpn
4. setupvpn
5. vpnly
6. xvpn
7. 1clickvpn
8. 1vpn

These failed initial testing criteria (free, account free, ad free):
a. hiddenbatvpn
b. hidemevpn
c. hotspotshieldvpn
d. itopvpn
e. protonvpn
f. tunnelbearvpn
g. urbanvpn
h. windscribevpn

Correction: I correct an earlier assessment that all the VPN extensions
"slow down" drastically within days; I think some of that is due to the plethora of privacy-baswed extensions - so I switched the testing over to testing instead the free,adfree,registrationfree system-wide VPNs with a free-adfree-regfree socks5 proxy (Psiphon) and, for non-browser
applications, a free-adfree-regfree proxifier such as ProxyCAp64/FreeCap.

Note I found out the hard way that Mozilla browsers handle proxies very differently than do Chromium browsers, which themselves handle proxies differently than most programs do where Windows has three layers of proxies that I had to write scripts (e.g., proxy.bat which morphed yesterday to proxy.cmd due to Windows quirks) to synchronize manually the three proxy mechanisms what Windows should have synchronized automatically. Sigh.

Note also that there are too many free/regfree/adfree system-wide
openvpn.exe free public VPN servers out there to list (many thousands!) so
it will take a while before I test them all sufficiently to declare which
free system-wide VPN server set is the easiest & fastest as all require additional software (e.g., softether or openvpn.exe) and scripts (due to changing passwords mostly).

Lastly, I wasted days testing proxy servers, of which there are so many thousands out there that you'd go nuts trying them all, but they're all apparently abysmal in terms of reliability compared to the acceptable reliability of the free public no-registration openVPN services that I'm currently testing. After days of a miserable existence testing them,
writing script after script after script to deal with their ephemeral
nature, I gave up concluding that you'd have to have TLA-like resources to
keep up with the few proxy services which stay alive long enough to be
useful.

Apologies for the long-winded response but that's the status of my testing
in a nutshell, in the fewest words that still convey accurate assessment.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

UPDATE ON PRIVACY POSSUM:


On Tue, 26 Aug 2025 12:23:58 -0700, NFN Smith wrote :

I notice that PrivacyPossum isn't included here, but I don't think
that's an issue. I looked at that briefly recently, and while the anti-fingerprinting aspect is attractive, I didn't see that it did
anything useful for me.

Thanks for your excellent updates, where I'll need to respond to each of
the important ones alone and individually as each is a separate topic.

As can be seen in the DIY privacy browser thread, Privacy Possum was "attempted" but we had problems with VPN extensions on DIY privacy-based Mozilla browsers (i.e., librefox & mullvad) so we tested the extensions on Chromium first, where wasn't found so I gave up too early on it early on.

PrivacyPossum
https://github.com/cowlicks/privacypossum
No packages published https://chrome.google.com/webstore/detail/privacy-possum/ommfjecdpepadiafbnidoiggfpbnkfbj
This item is not available

However, Privacy Possum is apparently alive & well for Mozilla browsers.
<https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/>
Blocks third-party cookies
Strips referer headers
Spoofs browser fingerprinting attempts
Detects and blocks ETag tracking
Prioritizes making tracking inefficient rather than impossible

As you already astutely noted, there's overlap galore, such as
a. Trace covers fingerprinting & ETag blocking
b. Privacy Badger learns and blocks trackers dynamically
c. uBlock Origin blocks tracking methods with filter lists
d. Canvas Blocker, CthulhuJs, Font Fingerprint Defender all put together,
they cover fingerprinting well

While those are direct analogs of what Privacy Possum does,
A. ClearURLs removes tracking parameters from URLs,
which complements Privacy Possum's goal but isn't a direct match.
B. Decentraleyes / LocalCDN prevents CDN-based tracking by serving
local resources which is not part of Privacy Possum's core.
C. Location Guard obfuscates geolocation data, which is adjacent
to fingerprinting but it's not a Privacy Possum direct match.
D. WebRTC Control prevents IP leaks via WebRTC, which is important
for privacy but also it's not part of Privacy Possum's toolkit.

Given that, I appreciate that you brought up Privacy Possum as I was not
aware (yet) that it was available for Mozilla browsers so it's a win:win.

Much appreciated your valuable input.
I'll take the other concepts one by one when I look up the details.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

MY OPINION:
a. Windows sucks on proxies.
b. Firefox sucks on proxies.
c. Chromium sucks on proxies.

UPDATE:

To be clear, I never touched this stuff until Epic Privacy Browser died on
me in early July so all this is completely new to me for building a socks5 proxy that is FAST and FREE and requires no registration (for privacy).
A. The beauty of socks5 is it's fast.
B. The beauty of VPN is it's complete.

There's no reason you can'd to both.
1. First run socks5 and then VPN, or,
2. F\irst run VPN and then socks5.

Ask me how I know that it works. :)

Anyway, I spent all day cleaning up the flow, so I decided to post my
latest update (as of today - which is how I spent my vacation) below.

I hope this helps others, although it's complicated stuff only
because Windows, Mozilla & Chromium can't get their act together.

Plus, Google, Amazon & Microsoft pissed all over my proxy setup.
(They hate us having privacy it seems.)

If only Windows didn't suck so bad with proxies this would be easier.
And if only Mozilla & Chromium didn't suck so bad with proxies too.

Sigh.
All this work is because Mozilla & Chromium & Windows sucks for proxies.

Anyway, I'm ready for bed so here's my log file update for today's work.
<https://psiphon.ca/>
<https://psiphon.ca/en/download-store.html?psiphonca>
Name: psiphon3.exe
Size: 10402576 bytes (10158 KiB)
SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2

Install location C:\apps\network\proxy\{psiphon,sockscap,freecap}\
Software archives C:\software\network\proxy\{psiphon,sockscap,freecap}\
Pullout menu C:\menus\network\proxy\{psiphon,sockscap,freecap}\

Once you run psiphon3 free socks proxy, you start thinking of all the ways Windows sucks at proxies, and then you try to fix each of those ways.

Sigh.

Below is what took me all day today to build a modular proxy control system that handles all three Windows proxy layers: WinINET, WinHTTP, and PAC/AutoDetect. It launches Psiphon, waits for proxy ports to initialize,
and then runs pac.cmd to sync everything.

Because they hate encryption, the PAC file bypasses Gmail, Amazon, &
Copilot domains, while routing all other traffic through Psiphon's SOCKS
proxy.

These scripts support diagnostic modes, silent execution, & full reset functionality. Since I love the Windows "App Paths" registry key, I've also optionally integrated App Paths for seamless Win+R launching, and included clear usage instructions, versioning, and logging.

It might not be perfect, but I designed it to be portable, maintainable, & extensible. I'm sure there is more to do, but I'm done for today. ================================================================
Step 1: Launch Psiphon
Step 2: Wait for proxy ports to initialize
Step 3: It will then run pac.cmd to sync WinHTTP & apply PAC
Optionally run proxy.cmd for diagnostics & configuration ================================================================
To run "proxy.cmd" using the Windows taskbar-pinned "Win+R" RunBox:
Runbox > pac
Which calls the named App Paths key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe
Default=C:\data\sys\apppath\link\pac.lnk

Rightclick C:\data\sys\apppath\link\pac.lnk > Properties
TARGET=C:\Windows\System32\cmd.exe /c "C:\data\sys\batch\pac.cmd" ================================================================
To run "pac.cmd" using the Windows taskbar-pinned "Win+R" RunBox:
Runbox > pac
Which calls the named App Paths key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe
Default=C:\data\sys\apppath\link\pac.lnk

Rightclick C:\data\sys\apppath\link\pac.lnk > Properties
TARGET=C:\Windows\System32\cmd.exe /c "C:\data\sys\batch\pac.cmd" ================================================================
psiphon3.lnk
TARGET=C:\data\sys\batch\psiphon-launch.cmd

Win+R > gvim C:\data\sys\batch\psiphon-launch.cmd

@echo off
REM psiphon-launch.cmd v1.1 ­X 20250901
REM Launch psiphon3.exe freeware & apply 3-way proxy sync/PAC
REM C:\data\sys\batch\psiphon-launch.cmd
REM Step 1: Launch Psiphon (which only syncs 1 of 3 Windows proxy types)
REM Step 2: Wait for proxy ports to initialize
REM Step 3: Run PAC setup (sync + PAC logic)
REM Note there are 3 different Windows proxy types. Sigh.
REM Type 1: WinINET ­X used by IE, Edge (legacy), MS Office & most apps
REM Type 2: WinHTTP ­X used by system services like Windows Update
REM Type 3: PAC/AutoDetect ­X used by browsers like Chrome, Edge, & Firefox
REM (but Mozilla browsers have to be set first to respect system proxies).

if not exist "C:\app\network\psiphon\psiphon3.exe" (
echo ERROR: Psiphon executable not found.
exit /b
)

start "" "C:\app\network\psiphon\psiphon3.exe"

REM Wait a few seconds for Psiphon to initialize
timeout /t 5 /nobreak >nul

if not exist "C:\data\sys\batch\pac.cmd" (
echo ERROR: pac.cmd not found.
exit /b
)

REM Run PAC setup silently
start "" "C:\data\sys\batch\pac.cmd" /silent

================================================================
Win+R > gvim C:\data\sys\batch\proxy.pac

/* proxy.pac v1.0 ­X 20250901
Bypasses proxy for:
- *.google.com, *.gmail.com, *.amazon.com
- *.copilot.microsoft.com
All other traffic routed through SOCKS proxy at 127.0.0.1:1080
*/

function FindProxyForURL(url, host) {
// Bypass Gmail and Google services
if (shExpMatch(host, "*.google.com") ||
shExpMatch(host, "*.gmail.com") ||
shExpMatch(host, "mail.google.com")) {
return "DIRECT";
}

// Bypass Amazon
if (shExpMatch(host, "*.amazon.com") ||
shExpMatch(host, "amazon.com")) {
return "DIRECT";
}

// Bypass Microsoft Copilot-related domains
if (shExpMatch(host, "*.copilot.microsoft.com") ||
shExpMatch(host, "*.bing.com") ||
shExpMatch(host, "*.microsoft.com")) {
return "DIRECT";
}

// Everything else goes through Psiphon SOCKS proxy
return "SOCKS 127.0.0.1:1080";
}

================================================================
Win+R > gvim C:\data\sys\batch\pac.cmd

@echo off
REM pac.cmd v1.5 ­X 20250901
REM Sync WinHTTP proxy & apply PAC logic for selective domain bypass
REM Used after Psiphon starts to align all three Windows proxy layers
REM ---------------------------------------------------------------
REM Step 1: Sync WinINET proxy into WinHTTP (used by system services)
REM Step 2: Apply PAC script & enable Auto-Detect (used by browsers)
REM ---------------------------------------------------------------
REM Usage:
REM pac Sync WinHTTP & apply PAC
REM pac /silent Suppress final pause
REM pac /status Show current proxy settings
REM pac /test Run diagnostics only
REM pac /nopac Disable PAC & Auto-Detect
REM pac /help Show usage instructions
REM ---------------------------------------------------------------

REM --- /help flag: show usage instructions ---
if /i "%~1"=="/help" (
echo Usage:
echo pac Sync WinHTTP & apply PAC
echo pac /silent Suppress final pause
echo pac /status Show current proxy settings
echo pac /test Run diagnostics only
echo pac /nopac Disable PAC & Auto-Detect
echo pac /help Show usage instructions
exit /b
)

REM --- Log start ---
echo [%DATE% %TIME%] Running pac.cmd >> C:\data\sys\logs\proxy.log

REM --- Check for proxy.cmd ---
if not exist "C:\data\sys\batch\proxy.cmd" (
echo ERROR: proxy.cmd not found.
exit /b
)

REM --- /status: show proxy diagnostics only ---
if /i "%~1"=="/status" (
start "" "C:\data\sys\batch\proxy.cmd" /silent /status
exit
)

REM --- /test: alias for /status ---
if /i "%~1"=="/test" (
echo Running proxy diagnostics only...
start "" "C:\data\sys\batch\proxy.cmd" /silent /status
exit
)

REM --- /nopac: disable PAC & Auto-Detect ---
if /i "%~1"=="/nopac" (
echo Disabling PAC & Auto-Detect...
start "" "C:\data\sys\batch\proxy.cmd" /silent /nopac
exit
)

REM --- Step 1: Sync WinINET into WinHTTP ---
echo Running proxy sync...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c \"C:\data\sys\batch\proxy.cmd\" /sync' -NoNewWindow -Wait"

REM --- Step 2: Apply PAC logic ---
echo Applying PAC logic...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c \"C:\data\sys\batch\proxy.cmd\" http://127.0.0.1/proxy.pac' -NoNewWindow
-Wait"

REM --- PAC summary for user ---
echo PAC logic: Bypassing proxy for Gmail, Amazon, & Copilot domains.
echo All other traffic routed through SOCKS proxy at 127.0.0.1:1080

REM --- Final pause unless /silent ---
if /i "%~1"=="/silent" (
exit
)

echo.
echo Press Enter to close...
pause >nul
exit


================================================================
Win+R > gvim C:\data\sys\batch\proxy.cmd

@echo off
REM proxy.cmd v1.8 ­X 20250901
REM Unified Windows proxy diagnostic + configuration tool
REM Supports: WinINET proxy, WinHTTP proxy, PAC/AutoDetect
REM ---------------------------------------------------------------
REM Usage:
REM Win+R > proxy Run normally
REM Win+R > proxy /help Show usage instructions
REM Win+R > proxy /sync Sync WinINET proxy into WinHTTP
REM Win+R > proxy http://url.pac Set PAC URL
REM Win+R > proxy /nopac Disable PAC & Auto-Detect
REM Win+R > proxy /status Check status only
REM Win+R > proxy /reset Clear all proxy settings
REM Win+R > proxy /silent Suppress final pause
REM Win+R > proxy /silent /sync Combine flags
REM ---------------------------------------------------------------
REM Proxy Types:
REM Type 1: WinINET ­X used by IE, Edge (legacy), MS Office & most apps
REM Type 2: WinHTTP ­X used by system services like Windows Update
REM Type 3: PAC/AutoDetect ­X used by Chrome, Edge, & optionally Firefox
REM Firefox must be set to "Use system proxy settings" to honor PAC
REM ---------------------------------------------------------------

REM --- /help flag: show usage instructions ---
if /i "%~1"=="/help" (
echo Usage:
echo proxy Run normally
echo proxy /sync Sync WinINET proxy into WinHTTP
echo proxy http://... Set PAC URL
echo proxy /nopac Disable PAC & Auto-Detect
echo proxy /status Show current proxy settings
echo proxy /reset Clear all proxy settings
echo proxy /silent ... Suppress final pause
exit /b
)

REM --- Log command to proxy.log ---
set LOG=C:\data\sys\logs\proxy.log
echo [%DATE% %TIME%] %cmdcmdline% >> %LOG%

REM --- Begin scoped environment ---
setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

REM --- Detect /silent flag & shift argument list ---
if /i "%~1"=="/silent" (
set SILENT=1
shift
)

REM --- /reset: clear all proxy settings ---
if /i "%~1"=="/reset" (
echo Resetting all proxy settings...
reg delete %KEY% /v ProxyEnable /f >nul 2>&1
reg delete %KEY% /v ProxyServer /f >nul 2>&1
reg delete %KEY% /v AutoConfigURL /f >nul 2>&1
reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
netsh winhttp reset proxy >nul 2>&1
echo All proxy settings cleared.
goto SHOWCONFIG
)

REM --- /status: show current proxy configuration ---
if /i "%~1"=="/status" (
echo Displaying current proxy configuration...
goto SHOWCONFIG
)

REM --- /sync: copy WinINET proxy into WinHTTP ---
if /i "%~1"=="/sync" (
echo Syncing WinINET proxy into WinHTTP...
netsh winhttp import proxy source=ie
echo Done.
goto SHOWCONFIG
)

REM --- /nopac: disable PAC & Auto-Detect ---
if /i "%~1"=="/nopac" (
echo Disabling PAC & Auto-Detect...
reg delete %KEY% /v AutoConfigURL /f >nul 2>&1
reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
echo PAC & Auto-Detect disabled.
goto SHOWCONFIG
)

REM --- Set PAC URL if provided ---
if not "%~1"=="" (
echo Setting PAC script URL: %~1
reg add %KEY% /v AutoConfigURL /t REG_SZ /d %~1 /f >nul
reg add %KEY% /v AutoDetect /t REG_DWORD /d 1 /f >nul
)

REM --- Diagnostic output block ---
:SHOWCONFIG
echo ==============================================
echo WINDOWS PROXY CONFIGURATION SET/CHECK/FIX
echo ==============================================

REM --- WinINET proxy status ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul')
do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul')
do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy status ---
echo.
echo [2] WinHTTP proxy (system/background services)
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr
/R /C:"Proxy Server(s)"') do set curWinHTTP=%%B
set curWinHTTP=%curWinHTTP:~1%
if "%curWinHTTP%"=="" (
echo No WinHTTP proxy set ­X importing from WinINET...
netsh winhttp import proxy source=ie >nul 2>&1
) else (
echo WinHTTP proxy already set ­X leaving as is.
)
netsh winhttp show proxy

REM --- PAC / AutoDetect status ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL

nul') do set PACurl=%%B

for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul')
do set AutoDetect=%%B
if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

REM --- PAC logic summary if using proxy.pac ---
if /i "%PACurl%"=="http://127.0.0.1/proxy.pac" (
echo PAC logic: Bypassing proxy for Gmail, Amazon, & Copilot domains.
echo All other traffic routed through SOCKS proxy at 127.0.0.1:1080
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Windows proxy set/check/fix complete.
echo ==============================================

endlocal

REM --- Final pause unless /silent ---
if not defined SILENT (
echo.
echo Press Enter to close...
pause >nul
)
exit

================================================================

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)