XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

Below is a working Windows custom proxy client I built over the past month.

If you use the same paths & freeware that I'm using, then I see no reason
it wouldn't work for you, out of the box, after you install these tools:

Psiphon freeware: (encrypted socks5 proxy server to bypass censorship)
<https://psiphon.ca/>
Name: psiphon3.exe
Size: 10402576 bytes (10158 KiB)
SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2

Mongoose freeware: (single-binary lightweight local http/https server)
<https://mongoose.ws/binary/>
Name: mongoose.exe
Size: 110592 bytes (108 KiB)
SHA256: 7F0BE618842767D9C83D9607139334F454447FDF822A5404DC9AC7EDFCAB856B

Specifically only these external freeware executables are currently used:
psiphon3.exe (acts as the SOCKS5 proxy engine)
mongoose.vbs (serves the proxy.pac file via HTTP)

While these built-in Windows tools & commands are used in the script:
curl.exe (verifies the custom PAC file is available)
cscript.exe (runs the mongoose setup & launching VBScript)
net session ( checks if the script is running with admin rights)
powershell.exe -Verb RunAs (requests UAC elevation if needed)
netsh.exe (imports & syncs proxy settings from WinINet into WinHTTP)
reg.exe (writes registry values for AutoConfigURL and AutoDetect)

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware

I've been building a privacy-focused proxy client for about a month which
has been a sudden deep dive into areas I hadn't touched in decades.

I hadn't seriously looked at proxies since around 2001, back when tools
like Proxifier were used to route traffic through TOR manually,
long before the Tor Browser bundled everything into a single click.

Back then, you'd launch TOR as a background service, configure Proxifier to redirect specific apps through a local SOCKS port and hope nothing leaked outside the tunnel.

Fast-forward to now and proxy configuration in Windows has become a multi-headed beast, with multiple API & networking stacks to deal with.

Modern Windows environments don't rely on a single unified proxy setting. Instead, they use multiple proxy stacks, each serving different types of applications and services. That means if you want consistent behavior
across browsers, system services, and modern apps, you can't just set a
proxy once and expect it to work everywhere.

Unfortunately, if you want it to be a single push-button (which is how I do everything, even clicking browser cookie-delete buttons automatically), you need scripts that interact with the registry, manipulate system settings,
and coordinate across stacks to make proxy setup a one-click operation.

On my Windows 10 Pro box, typical proxy settings live in places like:
a. Win+I > Settings > Network & Internet > Proxy
b. Win+R > control > Internet Options > Connections > LAN Settings
c. And Group Policy or registry edits for deeper control

Windows doesn't use a single unified proxy configuration. Instead, it has multiple proxy stacks, each used by different types of applications.
1. WinINet Stack
2. WinHTTP Stack
3. WPAD + PAC Files (used for auto-discovery and dynamic proxy logic)
4. Modern App Stack (Windows Runtime / UWP)
5. Custom Proxy Clients (scripts that can also bypass Windows stacks)

Examples of how these stacks are used:
a. WinINet is used by Internet Explorer and Chrome
b. WinHTTP is what Windows Update relies on
c. WPAD and PAC files are used by WinINet apps like Chrome & Firefox
d. UWP apps like Microsoft Store & Mail use the Modern App Stack
e. Tools like Proxifier, SocksCap, FreeCap, WideCap, ProxyCap,
SocksEscort, ShadowSocks, Psiphon, or in my case, a custom batch
script can act as freeware custom proxy clients on Windows 10.

For this tutorial, a custom proxy client can be any tool or script that:
A. Launches or manages a proxy service
B. Configures system or app-level proxy settings
C. Handles traffic & proxy logic independently of Windows' built-in stacks

Below is an example of my own script-driven proxy client which...
A. Bridges Psiphon with Windows proxy stacks,
B. Serves & applies PAC logic (with CoPilot, GMail & Amazon Vine bypass),
C. Syncs across WinINet & WinHTTP proxy stacks,
D. and handles Admin elevation (e.g., for regedits) & status logging.

These are a half dozen actions that the custom proxy client does...
1. Launches a freeware SOCKS5 proxy engine (Psiphon in SOCKS mode)
2. Serves a custom PAC file over HTTP/HTTPS before launching Psiphon
3. Applies proxy logic once Psiphon is running
4. Syncs proxy settings across stacks (WinINet > WinHTTP)
5. Handles elevation & logging if not already running as admin
6. Keeps the shell open so we can see what happened

Specifically, in my Windows 10 environment, the script below...
1. Starts psiphon3.exe in SOCKS mode which provides a local SOCKS5
proxy tunnel, which apps can use to route traffic through
Psiphon's encrypted network.
2. Runs mongoose.vbs to serve a proxy.pac file over HTTP at
http://127.0.0.1/proxy.pac. It waits a couple seconds,
then uses curl to verify the PAC file is actually available
before continuing.
3. Calls pac.cmd, which sets up the system to use the PAC file.
It also directly sets the PAC URL and enables Auto-Detect
in the registry under:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
4. Runs "netsh winhttp import proxy source=ie" which copies the
static proxy settings from WinINet into WinHTTP
Note: It smartly avoids transferring SOCKS or PAC logic
to WinHTTP, since WinHTTP doesn't support those.
5. Relaunches itself with UAC elevation & logs activity to proxy.log,
including timestamps when PAC logic is triggered.
6. Pauses at the end so you can see what happened.

I'm sure there will be improvements, but here's the current status after
using it for about a month (ever since Epic Privacy Browser went bust).

::START: You type Win+R -> psiphon
:: |
:: v
::psiphon.bat
:: - Check if running as admin
:: - If not, request UAC elevation and restart
:: - Launch mongoose.vbs to serve proxy.pac (moved earlier in v1.8)
:: - Wait 2 seconds for Mongoose to initialize (added in v1.8)
:: - Echo "waiting for mongoose..." during delay (added in v1.9)
:: - Verify PAC file is accessible via curl (added in v1.8)
:: - Launch psiphon3.exe in SOCKS mode
:: - Wait 5 seconds for Psiphon to initialize
:: - Log that pac.cmd is being run
:: - Call pac.cmd /silent
:: |
:: v
:: pac.cmd
:: - Log run
:: - Run proxy.cmd /sync to align WinINET -> WinHTTP
:: - Capture current PAC URL and Auto-Detect status
:: - If missing or wrong, call proxy.cmd with PAC URL
:: - Force set PAC URL and Auto-Detect in registry
:: - Re-capture status so final display is accurate
:: - Show final PAC and Auto-Detect status
:: - Return to psiphon.bat
:: - Force set PAC URL and Auto-Detect again (double guarantee)
:: - Pause for user to see output
:: - Exit without closing parent shell
::END

Here's my main custom proxy client script, verbatim, using my own paths, so please realize this is a working script that I use every day to perform the actions above on my Windows 10 Pro Pc. Note that I will necessarily need to send the companion scripts separately since this is already a long post.

@echo off
REM C:\data\sys\batch\psiphon.bat version 1.0 20250819
REM This is psiphon.bat version 2.1 (118 lines)
REM Runs "C:\app\network\psiphon\psiphon3.exe" -mode=socks
REM This method leaves windows open.
REM %comspec% /k C:\app\network\psiphon\psiphon3.exe -mode=socks
REM This method closes windows.
REM psiphon.bat version 1.1 20250916
REM Added automatic PAC sync/apply after Psiphon launch
REM psiphon.bat version 1.2 20250916
REM Added logging to proxy.log when PAC is triggered from psiphon
REM psiphon.bat version 1.3 20250916
REM Added optional pause for viewing output before closing
REM psiphon.bat version 1.4 20250916
REM Changed to never close parent cmd window and always pause at end
REM psiphon.bat version 1.5 20250916
REM Added self-elevation to request UAC if not already admin
REM psiphon.bat version 1.6 20250916
REM Added final PAC URL + Auto-Detect set to ensure persistence
REM after Psiphon/proxy changes
REM psiphon.bat version 1.7 20250917
REM Added launch of mongoose.vbs to serve proxy.pac before PAC logic
REM psiphon.bat version 1.8 20250917
REM Reordered launch sequence: Mongoose now starts BEFORE Psiphon
REM Added PAC availability check using curl
REM Added 2-second wait after Mongoose launch to ensure readiness
REM psiphon.bat version 1.9 20250917
REM Error: PAC file not available. Aborting. Press any key to continue
REM Increased delay from 2 to 4 to give Mongoose more time to bind & serve
REM psiphon.bat version 2.0 20250917 (111 lines)
REM Decreased delay back to 2 as it didn't make a difference
REM Added echo message during Mongoose wait to indicate progress
REM psiphon.bat version 2.1 20250917 (118 lines)
REM Expanded Psiphon¢s reach to WinHTTP apps without compromising WinINET
apps
REM By adding Automatic Sync of WinINET to WinHTTP (e.g., for Windows
Update)
REM Transfers only the Psiphon-injected static HTTP/HTTPS proxy address
REM Does not transfer PAC logic and SOCKS settings from WinInet to WinHTTP

:: --- Elevate to admin if not already ---

nul 2>&1 net session

if %errorlevel% neq 0 (
echo Requesting administrative privileges...
powershell -Command "Start-Process '%~f0' -Verb RunAs"
exit /b
)

REM Launch Mongoose silently to serve proxy.pac
cscript //nologo "C:\data\sys\batch\launchmongoose.vbs"

REM Wait for Mongoose to initialize (added in v1.8)
echo waiting for mongoose... (added in v2.0)
timeout /t 2 /nobreak >nul

REM Verify PAC file is available before proceeding (added in v1.8)
curl --silent --fail http://127.0.0.1/proxy.pac >nul || (
echo PAC file not available. Aborting.
pause
exit /b
)

REM Launch Psiphon in SOCKS mode
start "" /D "C:\app\network\psiphon" psiphon3.exe -mode=socks

REM Wait a few seconds for Psiphon to initialize
timeout /t 5 /nobreak >nul

REM Log that PAC is being run from psiphon
echo [%DATE% %TIME%] pac.cmd triggered from psiphon.bat >> C:\data\sys\log\proxy.log

REM Apply PAC logic automatically (silent mode)
call "C:\data\sys\batch\pac.cmd" /silent

REM Force PAC URL and Auto-Detect to desired values at the very end
REM This ensures Psiphon or proxy sync cannot leave them unset
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
/v AutoConfigURL /t REG_SZ /d http://127.0.0.1/proxy.pac /f >nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
/v AutoDetect /t REG_DWORD /d 1 /f >nul

REM Sync WinINET proxy settings into WinHTTP (added in v2.1)
netsh winhttp import proxy source=ie

REM Always pause so you can see output if run from a console
echo.
echo Press any key to close...
pause >nul

REM End batch without killing the shell
exit /b

Note that I will post working companion scripts following this overview.
--
Kindly donated to the Usenet community, as always, for others to benefit.

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

Marion wrote:

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware
Note that I will post working companion scripts following this overview.

The companion blocks psiphon.bat uses are listed below:
1. proxy.cmd
registry sync helper that reads and writes WinINet & WinHTTP settings
2. pac.cmd
PAC file installer that calls proxy.cmd to enforce AutoConfigURL
and AutoDetect so that these three domains are bypassed
Amazon Vine (https://amazon.com/vine/about)
Google Gmail (https://mail.google.com)
Microsoft (https://copilot.microsoft.com)
These are bypassed since they hate proxies like they hate VPN.
3. launchmongoose.vbs
Launches a lightweight HTTP server that serves proxy.pac to localhost
4. psiphon.bat
The main proxy client which elevates to admin, starts mongoose,
launches Psiphon, applies PAC logic, syncs to WinHTTP & logs activity

Bearing in mind everything you do on WIndows more than once is to be made
into a single click, each of these commands runs standalone when needed.
Win+R > proxy
Win+R > pac
Win+R > mongoose
Win+R > psiphon
These single-point activators are made possible by the App Paths key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\<name>.exe

For reference, here is the general flow so you can see where each is run.
::START: Win+R -> psiphon (uses App Paths registry key)
:: |
:: v
::psiphon.bat
:: - Check if running as admin
:: - If not, request UAC elevation and restart
:: - Launch launchmongoose.vbs to start Mongoose HTTP server
:: - Serve proxy.pac at http://127.0.0.1/proxy.pac
:: - Wait 2 seconds for Mongoose to initialize
:: - Verify PAC file is available using curl
:: - If PAC file is not available, abort
:: - Launch psiphon3.exe in SOCKS mode
:: - Wait 5 seconds for Psiphon to initialize
:: - Log that pac.cmd is being run
:: - Call pac.cmd /silent
:: |
:: v
:: pac.cmd
:: - Log run
:: - Run proxy.cmd /sync to align WinINET -> WinHTTP
:: - Capture current PAC URL and Auto-Detect status
:: - If missing or wrong, call proxy.cmd with PAC URL
:: - Force set PAC URL and Auto-Detect in registry
:: - Show final PAC and Auto-Detect status
:: - Return to psiphon.bat
:: - Force set PAC URL and Auto-Detect again (double guarantee)
:: - Pause for user to see output
:: - Exit without closing parent shell
::END

Here is my working Win_R > proxy (proxy.cmd) source file:
@echo off
REM C:\data\sys\batch\proxy.cmd 20250902
REM This is version 2.2
REM Proxy diagnostic & config tool for WinINET, WinHTTP, PAC
REM C:\data\sys\batch\proxy.cmd v2.1 - 20250916
REM Changes in v2.1 (20250916):
REM Added conditional check before importing WinINET into WinHTTP
REM to avoid overwriting existing settings unnecessarily
REM Added PAC file existence check before setting PAC URL
REM Updated pause prompts to clarify Enter, Spacebar, or any key works
REM C:\data\sys\batch\proxy.cmd v2.2 - 20250916 (224 lines)
REM Changed final exit to exit /b to avoid closing parent cmd window

REM Usage:
REM Win+R > proxy
REM Win+R > proxy /help
REM Win+R > proxy /sync
REM Win+R > proxy http://url.pac
REM Win+R > proxy /nopac
REM Win+R > proxy /status
REM Win+R > proxy /reset
REM Win+R > proxy /silent
REM Win+R > proxy /silent /sync

REM Proxy types:
REM Type 1: WinINET - IE, Edge, MS Office, most apps
REM Type 2: WinHTTP - system services like Windows Update
REM Type 3: PAC/AutoDetect - Chrome, Edge, Firefox (if set to use system proxy)

REM Show usage
if /i "%~1"=="/help" (
echo Usage:
echo proxy
echo proxy /sync
echo proxy http://...
echo proxy /nopac
echo proxy /status
echo proxy /reset
echo proxy /silent ...
exit /b
)

REM Log command
set LOG=C:\data\sys\log\proxy.log
echo [%DATE% %TIME%] %cmdcmdline% >> %LOG%

REM Begin scoped env
setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

REM Detect /silent flag
if /i "%~1"=="/silent" (
set SILENT=1
shift
)

REM /reset flag
if /i "%~1"=="/reset" (
echo Reset proxy settings...
reg delete %KEY% /v ProxyEnable /f >nul 2>&1
reg delete %KEY% /v ProxyServer /f >nul 2>&1
reg delete %KEY% /v AutoConfigURL /f >nul
reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
netsh winhttp reset proxy >nul 2>&1
echo Proxy settings cleared.
goto SHOWCONFIG
)

REM /status flag
if /i "%~1"=="/status" (
echo Show proxy config...
goto SHOWCONFIG
)

REM /sync flag
if /i "%~1"=="/sync" (
echo Sync WinINET into WinHTTP...
REM Check if WinHTTP proxy is already set before importing
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr /R /C:"Proxy Server(s)"') do set curWinHTTP=%%B
set curWinHTTP=%curWinHTTP:~1%
if "%curWinHTTP%"=="" (
netsh winhttp import proxy source=ie
if errorlevel 1 (
echo ERROR: Access denied. Run as admin.
)
echo Done.
) else (
echo WinHTTP proxy already set, skipping import.
)
goto SHOWCONFIG
)

REM /nopac flag
if /i "%~1"=="/nopac" (
echo Disable PAC & Auto-Detect...
reg delete %KEY% /v AutoConfigURL /f >nul 2>&1
reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
echo PAC & Auto-Detect disabled.
goto SHOWCONFIG
)

REM Set PAC URL
if not "%~1"=="" (
echo Set PAC URL: %~1
REM PAC file existence check if URL is local file or localhost
for /f "tokens=1 delims=:" %%P in ("%~1") do set PACPROTO=%%P
if /i "%PACPROTO%"=="http" (
REM If localhost PAC, check file existence
echo %~1 | findstr /I "127.0.0.1" >nul
if not errorlevel 1 (
for /f "tokens=2 delims=:" %%H in ("%~1") do set PACPORTPATH=%%H
REM Remove leading slashes
set PACPORTPATH=%PACPORTPATH:/=%
REM Adjust path if needed (user must ensure correct mapping)
if not exist "C:\data\sys\pac\proxy.pac" (
echo WARNING: PAC file not found at C:\data\sys\pac\proxy.pac
)
)
)
reg add %KEY% /v AutoConfigURL /t REG_SZ /d %~1 /f >nul
reg add %KEY% /v AutoDetect /t REG_DWORD /d 1 /f >nul
)

REM Diagnostic output
:SHOWCONFIG
echo ============================================
echo WINDOWS PROXY CONFIG CHECK
REM Avoid slash to prevent parsing bug
echo ============================================

REM WinINET status
echo.
echo [1] WinINET
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy ENABLED
echo Server: %ProxyServer%
) else (
echo Proxy DISABLED
)

REM WinHTTP status
echo.
echo [2] WinHTTP
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr /R /C:"Proxy Server(s)"') do set curWinHTTP=%%B
set curWinHTTP=%curWinHTTP:~1%
if "%curWinHTTP%"=="" (
echo No WinHTTP proxy - import from WinINET...
netsh winhttp import proxy source=ie >nul 2>&1
) else (
echo WinHTTP proxy already set
)
netsh winhttp show proxy

REM PAC status
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B
if defined PACurl (
echo PAC URL: %PACurl%
) else (
echo No PAC URL
)

REM PAC logic summary
if /i "%PACurl%"=="http://127.0.0.1/proxy.pac" (
echo PAC logic: Bypass Gmail, Amazon, Copilot
echo Other traffic via SOCKS proxy 127.0.0.1:1080
)

if "%AutoDetect%"=="0x1" (
echo Auto-Detect ENABLED
) else (
echo Auto-Detect DISABLED
)

echo.
echo ============================================
echo Proxy check complete
echo ============================================

endlocal

REM Final pause unless /silent
if not defined SILENT (
echo.
echo Press Enter, Spacebar, or any key to close...
pause >nul
)

exit /b

--
Some people are kind hearted enough to ensure others always benefit.

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

Marion wrote:

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware
Note that I will post working companion scripts following this overview.

While companion blocks are listed below, some are optional.
1. proxy.cmd (posted)
registry sync helper that reads and writes WinINet & WinHTTP settings
2. pac.cmd (to be posted)
PAC file installer that calls proxy.cmd to enforce AutoConfigURL
and AutoDetect so that these three domains are bypassed
Amazon Vine (https://amazon.com/vine/about)
Google Gmail (https://mail.google.com)
Microsoft (https://copilot.microsoft.com)
These are bypassed since they hate proxies like they hate VPN.
3. launchmongoose.vbs (posted below)
Launches a lightweight HTTP server that serves proxy.pac to localhost
4. psiphon.bat (posted in the original post opening up this thread)
The main proxy client which elevates to admin, starts mongoose,
launches Psiphon, applies PAC logic, syncs to WinHTTP & logs activity

In keeping with the idea that anything you do more than once on Windows
should be tied to a single click, launchmongoose.vbs is an optional helper
that silently starts the Mongoose web server in the correct working
directory so it can host proxy.pac at http://127.0.0.1. It only launches if mongoose.exe is not already running and logs the result to mongoose.log.

Keep in mind that this custom proxy client works fine without Mongoose
because Psiphon in SOCKS5 mode does not require a PAC file to be served
over HTTP (that is, the PAC URL in the registry can point to a local file
path or direct proxy settings as it doesn't need to be served over HTTP).

The benefit of adding the lightweight Mongoose web server was that mongoose
is an easy way to serve the PAC file over HTTP before Psiphon starts.

This allows:
a. The PAC URL in WinINet and WinHTTP to point to a live file
at http://127.0.0.1/proxy.pac
b. Any app or service that supports PAC files to fetch proxy
rules immediately without using an external server
c. Custom bypass logic such as skipping Amazon Vine, Gmail
and Microsoft Copilot to be applied system wide
d. The PAC file to remain available even if Psiphon changes
network routes because the PAC file is hosted locally

In short, the launching of Mongoose turns my custom proxy client setup from just a SOCKS5 tunnel into a more-self-contained proxy service with dynamic routing rules, making PAC logic work reliably across all stacks & apps.

With that backround in mind, here's the OPTIONAL mongoose-launch script.
' ============================================
' launchmongoose.vbs 20250916 version 1.0
' This is version 1.5
' ============================================
' Version History:
' 1.0 - 20250916 Initial silent launch
' 1.1 - 20250916 Added process check and logging
' 1.2 - 20250916 Fixed duplicate End If error
' 1.3 - 20250916 Added version header block, cleaned structure
' 1.4 - 20250916 Removed unconditional launch
' Now launches only if not running
' 1.5 - 20250916 Updated launch command to explicitly set working directory
' ============================================
' Serves C:\data\sys\batch\proxy.pac as http & https
' Launch using: cscript //nologo launchmongoose.vbs
' Test using: curl http://127.0.0.1/proxy.pac
' Testing using: type mongoose.log
' Or just use: tasklist /fi "imagename eq mongoose.exe"
' Kill using: taskkill /f /im mongoose.exe
' Test this script: cscript //nologo "C:\data\sys\batch\launchmongoose.vbs"
' ==============================
' Added in version 1.1
' ==============================
' Features:
' - Skips launch if mongoose.exe is already running
' - Logs launch attempts to mongoose.log
' ==============================
' Fixed in version 1.2
' ==============================
' got rid of errors
' ==============================
' Improved in version 1.4
' ==============================
' Removed unconditional launch from version 1.0
' ==============================
' Improved in version 1.5
' ==============================
' Due to error: PAC file not available.
' Added explicit path to Mongoose launch
' WshShell.Run """C:\data\sys\batch\mongoose.exe"" -l http://127.0.0.1:80 -d C:\data\sys\batch", 0, False
' This ensures proxy.pac is served correctly regardless of current working directory
' ==============================

Set WshShell = CreateObject("WScript.Shell")

Set execCheck = WshShell.Exec("cmd /c tasklist /fi ""imagename eq mongoose.exe"" | find /i ""mongoose.exe""")
If execCheck.StdOut.ReadAll = "" Then
' Mongoose is not running, launch silently
WshShell.Run """C:\data\sys\batch\mongoose.exe"" -l http://127.0.0.1:80 -d C:\data\sys\batch", 0, False

' Log the launch
WshShell.Run """cmd.exe"" /c echo [" & Date & " " & Time & "] Mongoose launched >> C:\data\sys\batch\mongoose.log", 0, False
Else
' Mongoose is already running, skip launch
WshShell.Run """cmd.exe"" /c echo [" & Date & " " & Time & "] Mongoose already running >> C:\data\sys\batch\mongoose.log", 0, False
End If

Note I tested caddy, miniweb, mongoose & python before settling on mongoose.
--
Note that Amazon Vine gives me tens of thousands of dollars worth of "free stuff" every year so I needed to keep them happy since they hated proxies.
<https://amazon.com/vine/about>
And GMail was barfing as were all the AI's, but Copilot is a M$ tool,
so it's added here (you'll likely want to add all the AI URls to it).

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

Marion wrote:

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware
Note that I will post working companion scripts following this overview.

While companion blocks are listed below, some are optional.
1. proxy.cmd (previously posted)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
registry sync helper that reads and writes WinINet & WinHTTP settings

2. pac.cmd (posted below)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe
PAC file installer that calls proxy.cmd to enforce AutoConfigURL
and AutoDetect so that these three domains are bypassed
Amazon Vine (https://amazon.com/vine/about)
Google Gmail (https://mail.google.com)
Microsoft (https://copilot.microsoft.com)
These are bypassed since they hate proxies like they hate VPN.

3. launchmongoose.vbs (previously posted)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mongoose.exe
Launches a lightweight HTTP server that serves proxy.pac to localhost

4. psiphon.bat (previously posted in the original post of this thread)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\psiphon.exe
The main proxy client which elevates to admin, starts mongoose,
launches Psiphon, applies PAC logic, syncs to WinHTTP & logs activity

In contrast with the previous post where mongoose was added just yesterday
as an OPTIONAL helper to serve PAC files over HTTP, probably the one script that I've spent the most time on in this month-long effort is this pac.cmd, which is a helper script that makes sure the system is using the correct
PAC file, PAC URL and Auto-Detect settings after Psiphon starts.

This pac.cmd script (which can be run from "Win+R > pac" if needed, is
called by the main psiphon.bat custom proxy client in order to sync WinINet proxy settings into WinHTTP. What it does is it checks the current PAC configuration and applies changes if needed. It can also intelligently
force the PAC URL and Auto-Detect registry keys so they stay set even if Windows fails to fetch the PAC file. That took a while to get timing right.

It then logs its actions even as it can run silently and it shows the final
PAC status so we know when proxy logic is active across both stacks.

@echo off
REM C:\data\sys\batch\pac.cmd (This is version 3.0)
REM Single command: Win+R > pac
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe
REM C:\data\sys\batch\pac.cmd v1p6_20250902
REM Sync WinHTTP proxy & apply PAC logic
REM Used after Psiphon starts to align proxy layers
REM C:\data\sys\batch\pac.cmd v1p7_20250916
REM Changes in v1.7 (20250916):
REM After applying PAC, capture proxy.cmd /status to a temp file
REM Parse PAC URL & Auto-Detect status from proxy.cmd output
REM Display parsed results instead of static PAC summary
REM C:\data\sys\batch\pac.cmd v1p8_20250916
REM Added PACURL variable at top for easy change
REM Improved /silent handling to work in any argument position
REM C:\data\sys\batch\pac.cmd v1p9_20250916
REM Fixed capture logic so temp file is created before parsing
REM C:\data\sys\batch\pac.cmd v2.0_20250916
REM Skips PAC apply step if PAC URL and Auto-Detect are already correct
REM C:\data\sys\batch\pac.cmd v2.1_20250916
REM Added note this may be called automatically from psiphon.bat v1.2
REM Added detection/logging if called from psiphon.bat
REM C:\data\sys\batch\pac.cmd v2.2_20250916
REM Added forced PAC set suggestion
REM C:\data\sys\batch\pac.cmd v2.3_20250916
REM Now always forces PAC URL + Auto-Detect to ensure persistence
REM C:\data\sys\batch\pac.cmd v2.4_20250916
REM Added re-capture of status after forcing PAC for accurate display
REM C:\data\sys\batch\pac.cmd v2.5_20250916
REM Verified re-capture placement after reg add to fix stale display bug
REM C:\data\sys\batch\pac.cmd v2.9_20250916
REM Hard-coded TEMPSTATUS to C:\tmp\pac_status.txt
REM Removed deletion of TEMPSTATUS at end
REM Section-aware parsing of PAC/AutoDetect block with /B matching
REM C:\data\sys\batch\pac.cmd v3.0_20250917 (242 lines)
REM Moved PAC registry enforcement into apply block
REM so proxy.cmd reflects correct status immediately
REM Added fallback enforcement even when PAC is already correct
:: Normally the pac file is served by a web server.
:: This script does not rely on Windows successfully fetching the PAC file
:: via HTTP. Instead, it Sets the registry key to point to the PAC URL
:: It assumes the PAC logic is known & trusted.
:: It uses proxy.cmd to apply proxy settings directly,
:: bypassing the need for Windows to interpret the PAC file
:: So even if http://127.0.0.1/proxy.pac is not actually being served
:: by a web server, the system still behaves as if it is because the
:: tooling here enforces the logic manually.
:: This is where Windows typically looks for the PAC script URL.
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
:: AutoConfigURL = http://127.0.0.1/proxy.pac
:: That tells Windows to fetch the PAC file from your own machine via HTTP
:: http://127.0.0.1/proxy.pac
:: C:\data\sys\batch\proxy.pac
:: curl http://127.0.0.1/proxy.pac
::
:: You could point to the actual pac file but that is less universal
:: AutoConfigURL = file:///C:/data/sys/batch/proxy.pac
::
:: C:\app\network\psiphon\psiphon3.exe -mode=socks
:: Win+R > control > Internet Options > Connections > LAN Settings
:: Automatic configuration
:: [x]Automatically detect settings
:: [x]Use automatic configuration script
:: Address http://127.0.0.1/proxy.pac
:: Proxy server
:: [x]Use a proxy server for your LAN
:: [x]Bypass proxy server for local addresses
::
:: Win+I > Settings > Network & Internet > Proxy > Manual proxy setup = on
:: Automatic proxy setup
:: Automatically detect settings = on
:: Use setup script = on
:: Script address = http://127.0.0.1/proxy.pac
:: Manual proxy setup
:: Use a proxy server = on
:: Address http=127.0.0.1:3736;https=127.0.0.1:3736;socks=127.0.0.1:1080
:: Port = <blank>
:: Use the proxy server except for addresses that start with the following entries. Use semicolons (;) to separate entries.
:: 10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;169.254.*;[fc*];[fd*];[fe8*];[fe9*];[fea*];[feb*]
:: [x]Do not use the proxy server for local intranet addresses
::
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
:: AutoConfigURL = http://127.0.0.1/proxy.pac
::
:: C:\data\sys\batch\proxy.pac
::

REM PAC URL variable
set "PACURL=http://127.0.0.1/proxy.pac"

REM Detect /silent flag anywhere in args
set SILENT=
for %%A in (%*) do (
if /i "%%A"=="/silent" set SILENT=1
)

REM Detect if called from psiphon.bat
echo %CMDCMDLINE% | find /I "psiphon.bat" >nul
if not errorlevel 1 (
echo [%DATE% %TIME%] pac.cmd detected it was called from psiphon.bat >> C:\data\sys\log\proxy.log
)

REM Log start
echo [%DATE% %TIME%] Run pac.cmd %* >> C:\data\sys\log\proxy.log

REM /status flag
for %%A in (%*) do (
if /i "%%A"=="/status" (
start "" "C:\data\sys\batch\proxy.cmd" /silent /status
exit /b
)
)

REM /nopac flag
for %%A in (%*) do (
if /i "%%A"=="/nopac" (
echo Disable PAC & Auto-Detect...
start "" "C:\data\sys\batch\proxy.cmd" /silent /nopac
exit /b
)
)

REM Sync WinINET into WinHTTP
echo Run proxy sync...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c \"C:\data\sys\batch\proxy.cmd\" /sync' -NoNewWindow -Wait"

REM Hard-coded temp file path
set "TEMPSTATUS=C:\tmp\pac_status.txt"

REM Capture current PAC status
call "C:\data\sys\batch\proxy.cmd" /silent /status > "%TEMPSTATUS%"

REM Parse PAC URL and Auto-Detect from [3] PAC / AutoDetect section only
set "PACURL_FOUND="
set "AUTODETECT="
set "IN_PAC_SECTION="

for /f "usebackq delims=" %%L in ("%TEMPSTATUS%") do (
if defined IN_PAC_SECTION (
if not defined PACURL_FOUND echo %%L | findstr /B /I "PAC URL:" >nul && set "PACURL_FOUND=%%L"
if not defined AUTODETECT echo %%L | findstr /B /I "Auto-Detect" >nul && set "AUTODETECT=%%L"
if "%%L"=="" set "IN_PAC_SECTION="
)
if "%%L"=="[3] PAC / AutoDetect" set "IN_PAC_SECTION=1"
)

set "PACURL_FOUND=%PACURL_FOUND:PAC URL: =%"
set "AUTODETECT=%AUTODETECT:Auto-Detect =%"

REM Decide whether to apply PAC
set APPLY_PAC=0
if /i not "%PACURL_FOUND%"=="%PACURL%" set APPLY_PAC=1
if /i not "%AUTODETECT%"=="ENABLED" set APPLY_PAC=1

if "%APPLY_PAC%"=="1" (
echo Apply PAC logic...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c \"C:\data\sys\batch\proxy.cmd\" %PACURL%' -NoNewWindow -Wait"

REM v2.10: Force PAC registry keys immediately after apply
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /t REG_SZ /d %PACURL% /f >nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect /t REG_DWORD /d 1 /f >nul

REM Re-capture status after applying PAC
call "C:\data\sys\batch\proxy.cmd" /silent /status > "%TEMPSTATUS%"
) else (
echo PAC settings already correct - skipping apply step.

REM v2.10: Still enforce PAC registry keys to guarantee consistency
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /t REG_SZ /d %PACURL% /f >nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect /t REG_DWORD /d 1 /f >nul
)

REM Re-capture status AFTER forcing PAC so display is accurate
echo Re-capturing final status...
call "C:\data\sys\batch\proxy.cmd" /silent /status > "%TEMPSTATUS%"
REM Parse PAC URL and Auto-Detect again from [3] PAC / AutoDetect section
set "PACURL_FOUND="
set "AUTODETECT="
set "IN_PAC_SECTION="

for /f "usebackq delims=" %%L in ("%TEMPSTATUS%") do (
if defined IN_PAC_SECTION (
if not defined PACURL_FOUND echo %%L | findstr /B /I "PAC URL:" >nul && set "PACURL_FOUND=%%L"
if not defined AUTODETECT echo %%L | findstr /B /I "Auto-Detect" >nul && set "AUTODETECT=%%L"
if "%%L"=="" set "IN_PAC_SECTION="
)
if "%%L"=="[3] PAC / AutoDetect" set "IN_PAC_SECTION=1"
)

set "PACURL_FOUND=%PACURL_FOUND:PAC URL: =%"
set "AUTODETECT=%AUTODETECT:Auto-Detect =%"

if defined PACURL_FOUND (
echo PAC URL: %PACURL_FOUND%
) else (
echo PAC URL: Not set
)

if /i "%AUTODETECT%"=="ENABLED" (
echo Auto-Detect ENABLED
) else (
echo Auto-Detect DISABLED
)

REM Final pause unless /silent
if not defined SILENT (
echo.
echo Press Enter, Spacebar, or any key to close...
pause >nul
)

exit /b

::START: You type Win+R -> psiphon
:: |
:: v
::psiphon.bat
:: - Check if running as admin
:: - If not, request UAC elevation and restart
:: - Launch mongoose.vbs to serve proxy.pac (moved earlier in v1.8)
:: - Wait 2 seconds for Mongoose to initialize (added in v1.8)
:: - Echo "waiting for mongoose..." during delay (added in v1.9)
:: - Verify PAC file is accessible via curl (added in v1.8)
:: - Launch psiphon3.exe in SOCKS mode
:: - Wait 5 seconds for Psiphon to initialize
:: - Log that pac.cmd is being run
:: - Call pac.cmd /silent
:: |
:: v
:: pac.cmd
:: - Log run
:: - Run proxy.cmd /sync to align WinINET -> WinHTTP
:: - Capture current PAC URL and Auto-Detect status
:: - If missing or wrong, call proxy.cmd with PAC URL
:: - Force set PAC URL and Auto-Detect in registry
:: - Re-capture status so final display is accurate
:: - Show final PAC and Auto-Detect status
:: - Return to psiphon.bat
:: - Force set PAC URL and Auto-Detect again (double guarantee)
:: - Pause for user to see output
:: - Exit without closing parent shell
::END
--
Note that this custom one-click socks5 proxy client is modular,
where each component can be individually run & tested in one step.

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

Marion wrote:

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware

Included below is an OPTIONAL proxy-checking script that I wrote early on
which outputs what is happening when Psiphon.bat is setting & unsetting
things, along with Psiphon itself syncing stuff when starts & stops.
C:\data\sys\batch\checkproxy.bat
Win+R > checkproxy

Bear in mind, about half the stuff that is checked below is set/unset
by Psiphon while the other half (roughly) is set/unset in my scripts.

That is, if you start Psiphon.exe without the scripts, only about half of
what actually happens will happen (although I changed the TARGET on the original Psiphon link to run the psiphon.bat script so it does it all).
Change Psiphon.lnk TARGET FROM C:\app\network\psiphon\psiphon3.exe
Change Psiphon.lnk TARGET TO C:\data\sys\batch\psiphon.bat

When the custom psiphon.bat script modifies system proxy configurations to route traffic through Psiphon's secure tunnel, here's what it changes:

1. WinINET (used by Internet Explorer and some legacy apps):
Psiphon does not enable a manual proxy here by default.
Proxy remains DISABLED unless manually set.

2. WinHTTP (used by system services and background tasks):
Initially set to "Direct access" (no proxy).
Psiphon syncs WinINET settings into WinHTTP.
Eventually sets WinHTTP proxy to:
http=127.0.0.1:63750
https=127.0.0.1:63750
socks=127.0.0.1:1080
Adds a bypass list for local and private IP ranges.

3. PAC (Proxy Auto-Config) and AutoDetect:
Before Psiphon: no PAC URL, Auto-Detect is DISABLED.
After Psiphon:
Sets PAC URL to http://127.0.0.1/proxy.pac
Enables Auto-Detect
PAC logic routes Gmail, Amazon Vine & Copilot directly
& sends other traffic through SOCKS proxy at 127.0.0.1:1080

In summary, the custom proxy client...
a. Sets a PAC script URL in the registry.
a. Enables Auto-Detect to apply PAC logic.
a. Syncs proxy settings from WinINET to WinHTTP.
a. Configures WinHTTP to use Psiphon's local proxy ports.
a. Leaves WinINET proxy disabled unless manually overridden.

This setup ensures that most apps and services follow the PAC logic and
route traffic through Psiphon's encrypted tunnel, while exempting trusted domains and local addresses.

Note that every file can be run via a doubleclick in the file explorer, or
it can be run in a Runbox via a custom 'App Paths' registry key, but in general, everything is connected together by the main psiphon.bat script.
Win+R > psiphon

When you run the Psiphon SOCKS5 GUI, it automatically changes certain
Windows proxy settings while it is active, and then reverts them when
you close it.

1. The PAC script URL in the WinINET (Internet Settings) registry key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
This is set to something like http://127.0.0.1/proxy.pac
when Psiphon is running, and cleared when it stops.

2. The Auto-Detect setting in the same key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
This is enabled when Psiphon is running with PAC logic,
and disabled when it stops.

3. The WinHTTP proxy configuration:
'netsh winhttp show proxy' will show Psiphon's local HTTP,
HTTPS & SOCKS ports while it is active & Direct access
(no proxy server) after it closes.

4. Optionally, Mongoose serves proxy.pac & listens on the localhost.
Mongoose is not responsible for setting registry keys or
configuring proxy settings itself, Instead, its role is limited to
Serving the PAC file (proxy.pac) over HTTP at http://127.0.0.1/proxy.pac
Listening on localhost to respond to Windows requests for the PAC script
Enabling dynamic retrieval of PAC logic when AutoConfigURL is set

In short, Psiphon's GUI automatically adjusts key Windows proxy settings
while active, then reverts them when closed. Specifically:
a. It sets the PAC script URL in the registry to http://127.0.0.1/proxy.pac.
b. It enables the Auto-Detect flag so Windows applies PAC logic.
c. It configures WinHTTP to use Psiphon's local proxy ports (HTTP, HTTPS & SOCKS).
d. It clears those settings when Psiphon exits, restoring direct access.

Together, Psiphon & my custom scripts create a unified proxy environment. Traffic is routed securely through Psiphon's tunnel where finicky domains
(such as Amazon Vine, Google GMail & Microsoft AI clients) are bypassed,
and local addresses are excluded.

When the tunnel closes, everything reverts cleanly to default behavior.
Here is an OPTIONAL custom script which simply reports what's happened.

@echo off
REM C:\data\sys\batch\checkproxy.bat 20250916
REM This is version 1.2
REM Custom unified Windows proxy diagnostic tool
REM v1.0 lists WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM v1.1 replaces echo. with echo( to avoid command misinterpretation
REM v1.2 adds PAC file existence check and SHA256 hash logging (114 lines)

setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set PACFILE=C:\data\sys\batch\proxy.pac

echo ==============================================
echo WINDOWS PROXY CONFIGURATION CHECK
echo ==============================================

REM --- PAC file existence check ---
if not exist "%PACFILE%" (
echo WARNING: PAC file not found at %PACFILE%
) else (
echo PAC file found at %PACFILE%
echo PAC file SHA256 hash:
certutil -hashfile "%PACFILE%" SHA256
)

REM --- WinINET (manual proxy) ---
echo(
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo(
echo [2] WinHTTP proxy (system/background services)
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo(
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo(
echo ==============================================
echo Check complete.
echo ==============================================

endlocal
pause
--
Efficiency is turning 4 clicks into 3 & 3 clicks into 2 & 2 clicks into 1.

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

Marion wrote:

Included below is an OPTIONAL proxy-checking script that I wrote early on which outputs what is happening when Psiphon.bat is setting & unsetting things, along with Psiphon itself syncing stuff when starts & stops.
C:\data\sys\batch\checkproxy.bat
Win+R > checkproxy

Here is a sample output from the OPTIONAL checkproxy status reporter.
Win+R > checkproxy
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\checkproxy.exe
@=C:\data\sys\batch\checkproxy.bat

BEFORE:
==============================================
WINDOWS PROXY CONFIGURATION CHECK
==============================================
PAC file found at C:\data\sys\batch\proxy.pac
PAC file SHA256 hash:
SHA256 hash of C:\data\sys\batch\proxy.pac:
2517c249250634f579524fae59194aee32a4498a5c6bbf3cf4ef40b3d493bb46
CertUtil: -hashfile command completed successfully.

[1] WinINET / Internet Settings
Proxy is DISABLED

[2] WinHTTP proxy (system/background services)

Current WinHTTP proxy settings:

Direct access (no proxy server).


[3] PAC / AutoDetect
No PAC script URL found.
Auto-detect is DISABLED

==============================================
Check complete.
==============================================
Press any key to continue . . .

AFTER:
waiting for mongoose... (added in v2.0)
Run proxy sync...
Sync WinINET into WinHTTP...

Current WinHTTP proxy settings:

Direct access (no proxy server).

Done.
============================================
WINDOWS PROXY CONFIG CHECK
============================================

[1] WinINET
Proxy DISABLED

[2] WinHTTP
WinHTTP proxy already set

Current WinHTTP proxy settings:

Direct access (no proxy server).


[3] PAC / AutoDetect
PAC URL: http://127.0.0.1/proxy.pac
PAC logic: Bypass Gmail, Amazon Vine, Copilot
Other traffic via SOCKS proxy 127.0.0.1:1080
Auto-Detect DISABLED

============================================
Proxy check complete
============================================
Apply PAC logic...
Set PAC URL: http://127.0.0.1/proxy.pac
============================================
WINDOWS PROXY CONFIG CHECK
============================================

[1] WinINET
Proxy DISABLED

[2] WinHTTP
WinHTTP proxy already set

Current WinHTTP proxy settings:

Direct access (no proxy server).


[3] PAC / AutoDetect
PAC URL: http://127.0.0.1/proxy.pac
PAC logic: Bypass Gmail, Amazon Vine, Copilot
Other traffic via SOCKS proxy 127.0.0.1:1080
Auto-Detect ENABLED

============================================
Proxy check complete
============================================
Re-capturing final status...
PAC URL: http://127.0.0.1/proxy.pac
Auto-Detect ENABLED

Current WinHTTP proxy settings:

Proxy Server(s) : http=127.0.0.1:63750;https=127.0.0.1:63750;socks=127.0.0.1:1080
Bypass List : <local>;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;169.254.*;[fc*];[fd*];[fe8*];[fe9*];[fea*];[feb*]
--
The Psiphon proxy is much faster than system-wide VPN typically is.

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

Marion wrote:

OPTION 1: Disable proxy in Thunderbird entirely
a. Tools > Settings > Network & Disk Space > Connection > Settings...
b. Select "No proxy"
c. This sends all traffic directly, including Gmail

Thunderbird does not support domain-based proxy exceptions
If you use "Manual proxy configuration" with SOCKS 127.0.0.1:1080,
then all traffic goes through Psiphon
There is no built-in way to exclude Gmail while proxying other traffic

OPTION 2: Launch Thunderbird with proxy environment variables. Yuck.
a. Set environment variables before launching Thunderbird:
set NO_PROXY=google.com,gmail.com
set SOCKS_PROXY=127.0.0.1:1080
start thunderbird.exe

A customizable-domain proxy client is great, but some Windows apps, like Thunderbird/Betterbird, won't use the intelligent PAC file to determine
which domains should bypass the proxy and which should be tunneled.

I'm not sure which mail domains are finicky (e.g., protonmail?) but in my experience, Google's servers hate it when I use VPN and/or SOCKS proxy.

So the simplest option is to turn off the TB/BB proxy setting altogether.

I'm in Betterbird 102.10.1-bb34 (64-bit) where the settings to make
Betterbird connect directly to Gmail (without using a proxy) are...
1. Start Betterbird 102.10.1-bb34
2. Go to "Tools > Settings > General"
3. Scroll down to "Network & Disk Space"
4. Click the "Connection" [Settings...] button.
5. In the Connection Settings dialog is a section titled
"Configure Proxies to Access the Internet"
6. The default is "Use system proxy settings"
7. Change that to "No proxy" if you're using GMail, which is finicky.
8. Click "OK" to save and exit.

This should be exactly the same for Thunderbird since BetterBird
improvements don't extend to the proxy mechanism of Thunderbird.

Turning off the proxy mechanism ensures Betterbird bypasses any SOCKS proxy
or system proxy settings and connects directly to Gmail servers using the normal internet connection.

If you know of a way to get TB to respect Windows PAC files, let me know!

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

This is optional, for privacy since Psiphon phones home upon invocation,
where below is a dummybrowser.bat file which captures rogue URI calls.

This other piece of the evolving puzzle which was solved within days of installing Psiphon, which is that when executed, it phones home to a server.

Worse, see sig, it adds a LOT of fingerprinting data to that call home!

Not only does it phone home to a web server, but it provides that web
server with a ton of fingerprinting information you'd rather not give it.

It's hard coded into Psiphon, but you can intercept it so it never makes it onto the Internet, where there are many ways to intercept rogue URIs.

I chose to change the default browser but there are many other ways.
Note that you "can" set up a default browser to a batch file (*.bat)
but I didn't know that at the time I set it up as it's not one
of the options by default, so I converted the batch to an executable.

At first I tried the native Windows bat-to-exe converter wizard
C:\Windows\System32\IExpress.exe
But after a few attempts, I switched to the Bat_To_Exe_Converter.
<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
Name: Bat_To_Exe_Converter_x64.exe
Size: 2106368 bytes (2057 KiB)
SHA256: 1399EDE8F024E70025E55321D25BEAB7104A32E79512B11B4FFC779C82542CC6

Here's how I set dummybrowser.bat -> exe to the default web browser.

1. Write the dummybrowser.bat file (included below for completeness).

2. Convert the dummybrowser.bat batch file to an EXE:
a. Open the Bat_To_Exe_Converter_x64.exe freeware converter
b. File > Open > C:\data\sys\batch\dummybrowser.bat
c. Set options:
Exe-Format: 32-bit
Interface: Console (Visible)
Leave other fields blank
d. Click Convert
e. Save as: C:\data\sys\batch\dummybrowser.exe

3. Create a Windows registry entry for your dummy browser:
a. Open an elevated command prompt (Win+R > cmd {ctrl+shift+enter})
b. Run the following command to add the registry key:
reg add "HKLM\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command" /ve /d "\"C:\\data\\sys\\batch\\dummybrowser.exe\" \"%1\"" /f

4. Set your dummybrowser executable as the default Windows browser:
a. Open Windows Settings (Win+I)
b. Go to Apps > Default apps
c. Scroll to "Web browser"
d. Click the current browser icon
e. Choose "Dummy Browser" from the list

5. Verify interception:
a. Run: C:\data\sys\batch\dummybrowser.exe "https://example.com"
b, Check log file: type C:\data\sys\log\dummybrowser.log
c. Confirm entries are logged

NOTES:
A. dummybrowser.exe will now intercept all system-level browser calls
B. It's useful for logging or blocking rogue outbound traffic
C. I used gVim but you may need to change the path to NotePad++

Here's the dummybrowser.bat code (which can be greatly improved).
@echo off
REM C:\data\sys\batch\dummybrowser.bat 20250819
REM This is rev 2.0
REM All calls to the default web browser are intercepted & logged
REM C:\data\sys\batch\dummybrowser.bat 20250916 revision 1.8
REM C:\data\sys\batch\dummybrowser.bat 20250916 revision 1.9
REM Removed gVim launch so the log is now read only when displayed
REM C:\data\sys\batch\dummybrowser.bat 20250916 revision 2.0
REM Restored gVim launch in read-only mode to view log w/o locking
:: Batch to be converted to an exe to be easily set as the default browser
:: Start clean by deleting any existing log files.
:: del C:\data\sys\log\dummybrowser.log
:: Open admin prompt (Win+R > cmd {ctrl+shft+enter} & kill leftovers
:: taskkill /IM dummybrowser.exe /F
:: Start GitHub Bat_To_Exe_Converter_x64.exe
:: <https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
:: File > Open > C:\data\sys\batch\dummybrowser.bat
:: Options: Exe-Format: 32-bit | Console (Visible)
:: Leave all other fields blank/unchecked
:: Click Convert
:: Save as: C:\data\sys\batch\dummybrowser.exe
:: To test, run in a command prompt:
:: C:\data\sys\batch\dummybrowser.exe test123
:: [Tue 09/16/2025 16:55:50.72] Attempted launch: (fingerprint)
:: C:\data\sys\batch\dummybrowser.exe test123
:: C:\data\sys\batch\dummybrowser.exe "https://abc.com/?a=1&b=2"
:: Verify both entries in: C:\data\sys\log\dummybrowser.log
:: type C:\data\sys\log\dummybrowser.log
:: Confirm registry entry for default browser options exists.
:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command]
:: @="\"C:\\data\\sys\\batch\\dummybrowser.exe\" \"%1\""
:: Check that dummybrowser is set as the default browser
:: Win+I > Apps > Default apps > Web browser > Choose Dummy Browser

set LOGFILE=C:\data\sys\log\dummybrowser.log

REM Append new entry
echo [%date% %time%] Attempted launch: %* >> %LOGFILE%

REM Open log in gVim read-only and exit immediately
start "" "C:\app\editor\txt\vim\gvim.exe" -R "%LOGFILE%"

exit /b

Note that this dummy browser, while useful with for Psiphon, is not required. --
This is an actual capture from my dummy browser log file.
[Wed 09/17/2025 9:26:06.04] Attempted launch: C:\data\sys\batch\dummybrowser.exe "https://ipfounder.net/?sponsor_id=1CD935B4F29412DA&sponsor=psiphon&client_region=US&client_asn=32829&client_platform=windows&secret=
580XghQJ18zK2gpxV7cfR3wTEUydcHK8KCEryhkes6QJtmRDF1xnPQqvydpwxzUvZtqnvT5yqLFnfXEnUgie7m9kiW8P4QRZpir3j7eFeLKC5DhM7EloZTFNu3DD8XKux2MBY6mcdUC7jqhVy17xynvEMaZ2bkfdgQHCrgsRKej3r7uc1HTGg2PL4y2rYLxzknOQc4K&psireason=connect&psicash=
eyJtZXRhZGF0YSI6eyJjbGllbnRfcmVnaW9uIjoiVVMiLCJjbGllbnRfdmVyc2lvbiI6IjE4NiIsInByb3BhZ2F0aW9uX2NoYW5uZWxfaWQiOiI5MkFBQ0M1QkFCRTA5NDRDIiwic3BvbnNvcl9pZCI6IjFDRDkzNUI0RjI5NDEyREEiLCJ1c2VyX2FnZW50IjoiUHNpcGhvbi1Qc23DYXNoLVdpbmRvd3MiLCJ4IjoxfSwidGltZXN0YW1wIjo
iMjAyNS0wOS0xN1QxNToyNjowNS42NDBaIiwidG9rZW5zIjpidWxsLCJ2IjoxfD"
[Wed 09/17/2025 10:24:25.23] Attempted launch: C:\data\sys\batch\dummybrowser.exe "https://ipfounder.net/?sponsor_id=1CD935B4F29412DA&sponsor=psiphon&client_region=US&client_asn=32829&client_platform=windows&secret=
580XghQJ18zK2gpxV7cfR3wTEUydcHK8KCEryhkes6QJtmRDF1xnPQqvydpwxzUvZtqnvT5yqLFnfXEnUgie7m9kiW8P4QRZpir3j7eFeLKC5DhM7EloZTFNu3DD8XKux2MBY6mcdUC7jqhVy17xynvEMaZ2bkfdgQHCrgsRKej3r7uc1HTGg2PL4y2rYLxzknOQc4K&psireason=connect&psicash=
eyJtZXRhZGF0YSI6eyJjbGllbnRfcmVnaW9uIjoiVVMiLCJjbGllbnRfdmVyc2lvbiI6IjE4NiIsInByb3BhZ2F0aW9uX2NoYW5uZWxfaWQiOiI5MkFBQ0M1QkFCRTA5NDRDIiwic3BvbnNvcl9pZCI6IjFDRDkzNUI0RjI5NDEyREEiLCJ1c2VyX2FnZW50IjoiUHNpcGhvbi1Qc23DYXNoLVdpbmRvd3MiLCJ4IjoxfSwidGltZXN0YW1wIjo
iMjAyNS0wOS0xN1QxNjoyNDoyNS4xMjJaIiwidG9rZW5zIjpidWxsLCJ2IjoxfD"
[Wed 09/17/2025 11:46:38.25] Attempted launch: C:\data\sys\batch\dummybrowser.exe "https://ipfounder.net/?sponsor_id=1CD935B4F29412DA&sponsor=psiphon&client_region=US&client_asn=32829&client_platform=windows&secret=
580XghQJ18zK2gpxV7cfR3wTEUydcHK8KCEryhkes6QJtmRDF1xnPQqvydpwxzUvZtqnvT5yqLFnfXEnUgie7m9kiW8P4QRZpir3j7eFeLKC5DhM7EloZTFNu3DD8XKux2MBY6mcdUC7jqhVy17xynvEMaZ2bkfdgQHCrgsRKej3r7uc1HTGg2PL4y2rYLxzknOQc4K&psireason=connect&psicash=
eyJtZXRhZGF0YSI6eyJjbGllbnRfcmVnaW9uIjoiVVMiLCJjbGllbnRfdmVyc2lvbiI6IjE4NiIsInByb3BhZ2F0aW9uX2NoYW5uZWxfaWQiOiI5MkFBQ0M1QkFCRTA5NDRDIiwic3BvbnNvcl9pZCI6IjFDRDkzNUI0RjI5NDEyREEiLCJ1c2VyX2FnZW50IjoiUHNpcGhvbi1Qc23DYXNoLVdpbmRvd3MiLCJ4IjoxfSwidGltZXN0YW1wIjo
iMjAyNS0wOS0xN1QxNzo0NjozNy43MjdaIiwidG9rZW5zIjpidWxsLCJ2IjoxfD"
[Thu 09/18/2025 2:52:35.33] Attempted launch: C:\data\sys\batch\dummybrowser.exe "https://ipfounder.net/?sponsor_id=1CD935B4F29412DA&sponsor=psiphon&client_region=US&client_asn=32829&client_platform=windows&secret=
580XghQJ18zK2gpxV7cfR3wTEUydcHK8KCEryhkes6QJtmRDF1xnPQqvydpwxzUvZtqnvT5yqLFnfXEnUgie7m9kiW8P4QRZpir3j7eFeLKC5DhM7EloZTFNu3DD8XKux2MBY6mcdUC7jqhVy17xynvEMaZ2bkfdgQHCrgsRKej3r7uc1HTGg2PL4y2rYLxzknOQc4K&psireason=connect&psicash=
eyJtZXRhZGF0YSI6eyJjbGllbnRfcmVnaW9uIjoiVVMiLCJjbGllbnRfdmVyc2lvbiI6IjE4NiIsInByb3BhZ2F0aW9uX2NoYW5uZWxfaWQiOiI5MkFBQ0M1QkFCRTA5NDRDIiwic3BvbnNvcl9pZCI6IjFDRDkzNUI0RjI5NDEyREEiLCJ1c2VyX2FnZW50IjoiUHNpcGhvbi1Qc23DYXNoLVdpbmRvd3MiLCJ4IjoxfSwidGltZXN0YW1wIjo
iMjAyNS0wOS0xN1QxNzo0NjozNy43MjdaIiwidG9rZW5zIjpidWxsLCJ2IjoxfD"

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: address@is.invalid

Arlen,

This other piece of the evolving puzzle which was solved within
days of installing Psiphon, which is that when executed, it phones
home to a server.

Really ? "it phones home to a server" ? Either you have no idea how a VPN (for hiding your IP) works, or you forgot to add some information.

Also, have you ever thought about checking what that server it "phones home"
to actually is ? No ? Why not ?

Furthermore, do you think that if the makers of Psiphon wanted grab some private data from your 'puter they could not have simply added another connection to the tunnel it creates - leaving you none-the-wiser ?

iow, the Psiphon client software does not need that "dummy browser" of yours
to connect with the internet. Worse, it would make the the whole "phoning home" thing needlesly complicated.

-- But if it actually "phones home" to grab data from your machine that way (unlikely) than do remember the old saying : when you get stuff for free its likely you are the product, not the customer.

Regards,
Rudy Wieser

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

Marion wrote:

Turning off the proxy mechanism ensures Betterbird bypasses any SOCKS proxy or system proxy settings and connects directly to Gmail servers using the normal internet connection.

If you know of a way to get TB to respect Windows PAC files, let me know!

Thinking about the solution as I rarely (if ever) fail, I think I may have found an easy cross-platform open source solution to that problem set...

A PAC (Proxy Auto Config) file is a JavaScript file used by browsers or
other applications that support the PAC standard. For each URL or host it decides whether to send the request through a proxy or connect directly. It only works for software that can load and follow a PAC file. PAC files are generally limited to controlling HTTP and HTTPS traffic and do not handle
other protocols such as IMAP or SMTP. Programs that ignore proxy settings
such as Thunderbird or Betterbird (which are not browsers) will not be affected.

To make Thunderbird follow proxy rules we need an external tool that can intercept its connections. My first choice would be an open source
proxifier such as SocksCap64 which can force Thunderbird to use a proxy. However SocksCap64 cannot apply different rules for different domains and
will send all traffic through the same proxy without selective routing.
<https://sourceforge.net/projects/sockscap64/>

<https://netactuate.dl.sourceforge.net/project/sockscap64/SocksCap64-setup-3.6.exe>
Name: SocksCap64-setup-3.6.exe
Size: 6193115 bytes (6047 KiB)
SHA256: B2DA49EC9A2702CFD7625D3F152AF98A4C8E3E155DAB78686962BB3DF1F76825

This is where the cross-platform open-source NekoBox may come in handy.
<https://github.com/MatsuriDayo/nekoray

<https://github.com/MatsuriDayo/nekoray/releases/download/4.0.1/nekoray-4.0.1-2024-12-12-windows64.zip>
Name: nekoray-4.0.1-2024-12-12-windows64.zip>
Size: 41719145 bytes (39 MiB)
SHA256: A492224792C38BD1A3B7A5438B1431C5CB4260F55E9A121DB3B2CE1603F7664A

NekoRay or NekoBox is an open source V2Ray/Sing box proxy manager with a graphical interface that sits between our applications & our upstream
proxy such as Psiphon. Unlike proxifiers such as SocksCap64, NekoBox can
apply user-defined specific-domain routing rules so that some domains or IP ranges go through a proxy while others connect directly (bypassing
proxies).

NekoRay can also handle multiple protocols including HTTP HTTPS SOCKS
IMAP SMTP and more which allows it to apply selective routing to non HTTP traffic. By pointing Thunderbird to NekoBox instead of directly to Psiphon
we should be able to recreate the selective routing logic of a PAC file and apply it to applications that do not support PAC files at all.

In practice this means we can keep using the PAC file to control proxy
behavior for web browsers exactly as we do now while letting NekoRay handle
the same selective routing for Thunderbird. We would configure NekoRay so
that Gmail IMAP and SMTP servers are marked as direct connections and all
other destinations are sent through Psiphon. Thunderbird would be pointed
to NekoRay's local listener instead of Psiphon directly so NekoRay can
enforce those rules. The end result is a unified setup where browsers
follow the PAC file and non browser applications such as Thunderbird follow equivalent rules inside NekoRay giving us consistent split tunnel behavior across all software.

I am testing it as we speak but I post this 1st to ask if anyone has a
better solution to force Thunderbird to selectively route so that all
traffic goes through the proxy except the Google GMail server traffic.

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)

XPost: alt.comp.os.windows-11, alt.msdos.batch
From: marionf@fact.com

UPDATE

In another thread today I described how I installed & ran a YouTube client
that allowed me to view YouTube videos without logging in & without any ads (both the type of ads that YouTube inserts & even creator-inserted ads).
a. Pre-roll ads (before the video starts)
b. Mid-roll ads (interrupting the video)
c. Banner ads (overlaying the video)
d. Sidebar ads (on the YouTube page)
e. Sponsor blocks (remove known ads inserted by creators)
<https://freetubeapp.io/>

The YouTube client I tested today was FreeTube, which worked well.
But it was obstinate during a proxy that it didn't like my proxy.
Worse, AFTER the proxy was shut down, it failed until I rebooted.

Huh?
Why did FreeTube barf when I killed the proxy but nothing did before it?

Turns out my script to kill the proxy needed a LOT of improvements!
The FreeTube "app" is apparently a web browser using system-proxy settings.

It was still using "some" of the proxy settings even though the proxy
was no longer running. I hadn't noticed before that this happened.

Hence, here's a working script to KILL the proxy & wipe it off Windows.

@echo off
REM C:\data\sys\batch\psiphonstop.bat version 1.0 20250819
REM This is psiphonstop.bat version 1.9
REM Close Psiphon GUI first to let it attempt its own cleanup.
REM Then run psiphonstop.bat to:
REM 1. Check for any lingering processes (Psiphon or Mongoose).
REM 2. Kill any lingering processes (Psiphon or Mongoose).
REM 3. Reset WinINET and WinHTTP proxy settings.
REM 4. Log the shutdown for traceability in mongoose & proxy logs.
REM Additions in version 1.0 (41 lines)
REM As admin, it stops Psiphon GUI, Mongoose, and resets proxy settings
REM Logs shutdown event to proxy.log and mongoose.log for lifecycle tracking
REM Changes in version 1.1 (46 lines)
REM Added Psiphon GUI termination step (v1.1)
REM Added [STOP] prefix to log entries for clarity (v1.1)
REM Changes in version 1.2 (56 lines)
REM Added conditional checks for running processes before attempting kill/log
REM Only logs shutdown events if process was found running
REM 20250920 psiphonstop.bat 1.3 (68 lines)
REM Fixed Registry Key Not Found error when run with nothing to do
REM Fixed "reset" not a command error by removing the ampersand in the echo
REM 20250920 psiphonstop.bat 1.4 (79 lines)
REM Added better error checking to see if Psiphon or Mongoose are running
REM Added a closer line in the console
REM 20250920 psiphonstop.bat 1.5 (89 lines)
REM Added better explanation of the registry changes in the console output
REM 20250920 psiphonstop.bat 1.6 (108 lines)
REM Set ProxyEnable to 0 so the system knows to bypass proxies (v1.6)
REM Clear ProxyOverride if Psiphon used custom bypass rules (v1.6)
REM Flush DNS and restart networking stack (v1.6)
REM 20250920 psiphonstop.bat 1.7 (121 lines)
REM Exported keys before deletion, just in case (v1.7)
REM fully refresh network adaptor (optional) v1.7
REM 20250920 psiphonstop.bat 1.8 (138 lines)
REM Check for environment proxy settings (v1.8)
REM add browser cache flush and settings reminder (v1.8)
REM add summary log entry with system state (v1.8)
REM Add a success beep or visual cue (v1.8)
REM 20250920 psiphonstop.bat 1.9 (152 lines)
REM Added version banner
REM Log envvars (v1.9)
REM Add browser-specific cleanup reminders (v1.9)

echo ----------------------------------------
echo Psiphonstop.bat v1.9 - Proxy Reset Tool
echo ----------------------------------------

:: --- Elevate to admin if not already ---

nul 2>&1 net session

if %errorlevel% neq 0 (
echo Requesting administrative privileges...
powershell -Command "Start-Process '%~f0' -Verb RunAs"
exit /b
)

REM Check if Psiphon GUI is running (updated for better errors) v1p4
tasklist /fi "imagename eq psiphon3.exe" | find /i "psiphon3.exe" >nul
if %errorlevel%==0 (
taskkill /f /im psiphon3.exe >nul 2>&1
echo [%DATE% %TIME%] [STOP] Psiphon GUI terminated by psiphonstop.bat >> C:\data\sys\log\proxy.log
) else (
echo [%DATE% %TIME%] [STOP] No Psiphon GUI process found >> C:\data\sys\log\proxy.log
)

REM Check if Mongoose is running (updated checks in v1.4)
tasklist /fi "imagename eq mongoose.exe" | find /i "mongoose.exe" >nul
if %errorlevel%==0 (
taskkill /f /im mongoose.exe >nul 2>&1
echo [%DATE% %TIME%] [STOP] Mongoose terminated by psiphonstop.bat >> C:\data\sys\batch\mongoose.log
) else (
echo [%DATE% %TIME%] [STOP] No Mongoose process found >> C:\data\sys\batch\mongoose.log
)


REM Exported keys before deletion, just in case (v1.7)
reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" C:\data\sys\log\proxy_before_reset.reg

REM Reset WinINET proxy settings
echo Resetting WinINET proxy registry values...
REM Fixed Registry Key Not Found error when run with nothing to do (v1.3)
:: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /f >nul
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /f 2>nul

echo reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /f 2>nul

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect /t REG_DWORD /d 0 /f >nul

echo reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect /t REG_DWORD /d 0 /f >nul

:: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f >nul
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f 2>nul
echo reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f 2>nul

:: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f >nul
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f 2>nul
echo reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f 2>nul

REM v1p6
REM Deleting ProxyEnable and ProxyServer does not restore direct access.
REM Set ProxyEnable to 0 so the system knows to bypass proxies (v1.6)
REM Windows interprets missing values differently than explicitly set ones.
REM Explicitly set ProxyEnable to 0 so the system knows to bypass proxies.
REM Now Windows knows to use direct access, not ´no proxy server defined.¡
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

REM Clear ProxyOverride if Psiphon used custom bypass rules (v1.6)
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f

REM Flush DNS and restart networking stack (v1.6)
ipconfig /flushdns
netsh int ip reset

echo Registry operations completed with Proxy settings cleared or updated.

REM Reset WinHTTP proxy settings
netsh winhttp reset proxy

REM Always log proxy reset regardless of process status
echo [%DATE% %TIME%] [STOP] Proxy settings reset by psiphonstop.bat >> C:\data\sys\log\proxy.log

REM Fixed "reset" unrecognized command error by removing ampersand (v1p3)
:: echo Psiphon, proxy settings, and Mongoose have been logged & reset.
echo "Psiphon, proxy settings and Mongoose have been logged and reset."

REM Check for environment proxy settings (v1.8)
set | findstr /i proxy
REM Log envvars (v1.9)
set | findstr /i proxy >> C:\data\sys\log\proxy_envvars.log

REM fully refresh network adaptor (optional) v1.7
netsh winsock reset

REM add browser cache flush and settings reminder (v1.8)
echo Reminder: Disable any proxy/VPN browser extensions manually.
echo Reminder: Clear browser cache or try Incognito mode if issues persist.

REM Add browser-specific cleanup reminders (v1.9)
echo Chrome: chrome://settings/system > disable ´Use proxy¡
echo Firefox: about:preferences > Network Settings > ´No proxy¡

REM add summary log entry with system state (v1.8)
echo [%DATE% %TIME%] [STOP] Proxy teardown complete. System set to direct access. >> C:\data\sys\log\proxy.log

REM Added a console output for closure (v1.4)
echo [%DATE% %TIME%] Psiphonstop.bat completed. See logs for details.

REM Add a success beep or visual cue (v1.8)
echo Operation complete. System proxy is OFF.
powershell -c "[console]::beep(1000,300)"

pause


--
That thread about YouTube clients is this one from today:
From: Marion <marionf@fact.com> alt.comp.os.windows-10,alt.comp.os.windows-11,alt.comp.microsoft.windows
What are your experiences with free Windows YouTube replacement clients?
Date: Sat, 20 Sep 2025 22:32:49 -0000 (UTC)
Message-ID: <10ana2g$2noo$1@nnrp.usenet.blueworldhosting.com>

--- SoupGate-Linux v1.05
* Origin: Dragon's Lair ---:- FidoNet<>Usenet Gateway -:--- (3:633/10)