Configure system wide proxy setting

Question

I want to set system wide proxy settings on my windows machine. I know about the settings from Internet Explorer but dont want to do it that way. Is there a way to set up a proxy which will be used by all the applications on my machine(especially firefox, I dont want to have to set Use System proxy Settings in the Firefox options menu)?

I think IE's settings actually change the system wide proxy and Firefox can opt to use that. Why is that not an option? (This arguably isn't really on topic here though) — Pekka, Oct 24 '13 at 13:32
Yes they do, but i dont want to do it via IE, Is there a way to do it via cmd prompt or something? — user2318314, Oct 24 '13 at 13:33
Googling `windows set proxy command line` seems to turn up some useful results — Pekka, Oct 24 '13 at 13:34
and then i would also have to set FF's Use system settings option, which i want to avoid. — user2318314, Oct 24 '13 at 13:34
@Pekka 웃 Firefox is able to bypass the setting via "set HTTP_PROXY=http://user:password@proxy.domain.com:port" unless the Use System Proxy option is set — user2318314, Oct 24 '13 at 13:37

score 0 · Answer 1 · edited Mar 20 '17 at 10:18

0

In windows, that is the preferred way to set up the proxy settings. But you can have a look at this for command line options

https://superuser.com/questions/419696/in-windows-7-how-to-change-proxy-settings-from-command-line

edited Mar 20 '17 at 10:18

Community

1
1

answered Oct 24 '13 at 13:34

Argha Sen

81
7

you have to specify somthing to firefox else how will it know where to pick up the proxy from – Argha Sen Oct 24 '13 at 13:38

score 0 · Answer 2 · edited Jun 20 '20 at 09:12

How can this be achieved theoretically

I am going to provide a somewhat unusual answer, because I've noticed that this particular 'way' of solving this problem has (for some reason) not crossed people's minds so far.

If you want to really make all apps without exception send internet traffic through your proxy, you are going to have to use a special technology known as TUN/TAP devices.

In short, these are special drivers, which when installed appear to a system as a network adapter (just like your local Ethernet or Wireless card), but they are in fact built in such a way so as to be easy to control from a software level.

Basically, when you install such a driver on the system, the system now regards that device as a fully functional Network Adapter. Therefore, if you now set this network adapter as the default gateway, all apps (without knowing it or being able to prevent it) will automatically pass through it, the same way as all apps pass through a generic Wireless Adapter / Ethernet.

Practical ways of achieving this / How can I use this with proxies?

Now that you have a basic idea of what redirecting system traffic through a TAP/TUN device means, there are a couple of ways of doing this.

Before I start, I really recommend that even if you stray from the suggested resources here, you stick to using OpenVPN's open source TAP device, since it has been extensively tested and confirmed to work on many systems, and is very widely used now (Some basics are available at https://openvpn.net/tuntap, and I trust you should find it embedded in any latest version of OpenVPN, the only files you need are the compiled drivers (.inf), you don't need to have the entirety of OpenVPN installed to use them).

The project that instantly comes to mind when thinking of using SOCKS proxies as the endpoint of a TAP device is badvpn/tun2socks. The project basically does exactly what is outlined here, so I definitely recommend you read the source code, or use it as a standalone utility (If you need some help with usage, I suggest you check out this wiki page.

What if any are the drawbacks of using this approach?

First of all, speaking of compatibility, performance and bugs, there are no drawbacks of using this approach at all, it is if anything more reliable and easier to use then even the ways of doing this provided by the system.

The only two drawbacks I can see at this point would be:

You have to be careful to make sure whatever proxy/intermediate host you are using, it is capable of handling at least the majority of system traffic, because if an app sends incompatible internet traffic, it will still be redirected through the TAP device (that is it's purpose).
The code base may be larger than in other cases

An alternative, 'unclean' way of doing this for Firefox in particular

If you are interested in only setting this proxy for Firefox, there are a couple of unclean ways of doing this: For instance, via the command line. It is, however (in my opinion), a very cheap and dirty way of achieving this, as this does not provide any compatibility whatsoever (basically a hack).

Conclusion

While implementing this may take a while, and the code base may be large:

It is not really possible, through any other means to achieve the same effect as VPNs achieve when they tunnel the entirety of your machine's traffic through the OpenVPN server.

If you want to achieve this kind of behavior, it is recommended that you use the approach outlined above, as it is a lot cleaner then 'alternative' methods of doing so (e.g. Socksifying traffic by intercepting it at a software level)