This repository contains two components:
- WPAD Proxy Manager (Web) - A web-based tool for managing and testing WPAD/PAC configurations
- WPAD Proxy for iOS - An iOS app for system-wide proxy configuration (requires Xcode/macOS)
A web-based management tool for creating, testing, and serving WPAD (Web Proxy Auto-Discovery) and PAC (Proxy Auto-Config) files.
- ✅ Web-based PAC script editor with validation
- ✅ Real-time proxy rule testing
- ✅ WPAD endpoint serving (
/wpad.dat) - ✅ PAC file endpoint (
/proxy.pac) - ✅ Multiple PAC script templates
- ✅ Remote PAC file fetching and validation
- ✅ Configuration persistence
- Install dependencies:
npm install - Start the server:
npm run dev - Open browser to:
http://localhost:5000
- Web Interface:
http://localhost:5000 - WPAD File:
http://localhost:5000/wpad.dat - PAC File:
http://localhost:5000/proxy.pac
The web interface allows you to:
- Edit and validate PAC scripts
- Test URLs against your proxy rules
- Use pre-built PAC templates
- Fetch and validate remote PAC files
A system-wide proxy application for iOS that uses PAC (Proxy Auto-Config) files and WPAD (Web Proxy Auto-Discovery) to automatically configure proxy settings for all network connections.
- ✅ System-wide proxy enforcement via NetworkExtension
- ✅ PAC file evaluation using native CFNetwork APIs
- ✅ WPAD auto-discovery support
- ✅ Manual PAC URL configuration
- ✅ Local PAC script support
- ✅ Real-time proxy rule testing
- ✅ Connection logging and monitoring
- ✅ Support for HTTP, HTTPS, and SOCKS proxies
- ✅ Automatic bypass for local networks
- macOS with Xcode 15.0 or later
- iOS 14.0+ deployment target
- Apple Developer Account ($99/year) for NetworkExtension entitlements
- Physical iOS device (NetworkExtension doesn't work in simulators)
- Double-click
WPADProxy.xcodeprojto open in Xcode - Wait for Xcode to index the project
- Select the WPADProxy target in Xcode
- Go to Signing & Capabilities tab
- Select your development team
- Xcode will automatically create provisioning profiles
- In Signing & Capabilities, find App Groups
- If not present, click + Capability → App Groups
- Ensure
group.me.sokolov.wpadproxyis checked - Repeat for the PacketTunnel target
- Go to your Apple Developer account at https://developer.apple.com
- Navigate to Certificates, Identifiers & Profiles
- Find your app identifier:
me.sokolov.wpadproxy - Edit the identifier and enable Network Extensions
- Select Packet Tunnel Provider
- Save changes
If you want to use your own bundle ID:
- Replace
me.sokolov.wpadproxywith your bundle ID throughout the project - Update the App Group to
group.your.bundle.id - Update both Info.plist files
- Update entitlements files
- Connect your iPhone/iPad via USB
- Select your device from the device selector
- Press Cmd+R to build and run
- Trust the developer certificate on your device:
- Go to Settings → General → VPN & Device Management
- Find your developer profile and trust it
- Launch the app on your device
- Tap Connect to create the VPN configuration
- iOS will prompt to add VPN configuration - tap Allow
- Enter your device passcode
- The VPN will now appear in Settings → VPN
- Go to Configuration tab
- Select Auto-Discovery (WPAD)
- Enter your domain (default: sokolov.me)
- The app will look for
wpad.sokolov.me/wpad.dat
- Select Manual PAC URL
- Enter your PAC file URL
- Tap Test PAC URL to verify
- Select Local Rules
- Tap Edit PAC Script
- Enter your PAC JavaScript or use the template
- Go to the Test Rules tab
- Enter a URL (e.g., https://google.com)
- Tap Test to see which proxy will be used
- Results show either:
PROXY hostname:port- Traffic goes through proxyDIRECT- Traffic bypasses proxy
Since your domain is sokolov.me, ensure:
- Your PAC file is accessible at:
http://wpad.sokolov.me/wpad.dat - DNS record exists:
wpad.sokolov.me→ your server IP - Web server returns correct MIME type:
application/x-ns-proxy-autoconfig
Here's a sample PAC file for your domain:
function FindProxyForURL(url, host) {
// Direct connection for local addresses
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(host, "10.0.0.0", "255.0.0.0") ||
isInNet(host, "172.16.0.0", "255.240.0.0") ||
isInNet(host, "192.168.0.0", "255.255.0.0") ||
dnsDomainIs(host, ".sokolov.me")) {
return "DIRECT";
}
// Use proxy for specific domains
if (dnsDomainIs(host, ".facebook.com") ||
dnsDomainIs(host, ".twitter.com")) {
return "PROXY proxy1.sokolov.me:8080";
}
// Default: try proxy first, then direct
return "PROXY proxy.sokolov.me:8080; DIRECT";
}- Ensure NetworkExtension capability is enabled
- Check that provisioning profiles are valid
- Verify bundle IDs match in all targets
- Make sure you're testing on a physical device
- Check PAC file URL is accessible
- Verify MIME type is correct
- Test PAC syntax using the app's test feature
- Check console logs in Xcode
- Verify PAC script returns valid proxy strings
- Check proxy server is running and accessible
- Review connection logs in the Status tab
- Ensure iOS device can reach the proxy server
NetworkExtensions have a 15MB memory limit. If the extension crashes:
- Reduce logging
- Optimize PAC evaluation caching
- Minimize stored connection data
To view detailed logs while debugging:
- Run the app from Xcode
- Open Console.app on your Mac
- Filter by your device name
- Search for "me.sokolov.wpadproxy"
- PAC scripts run in a sandboxed JavaScript environment
- Network traffic is processed locally on device
- No data is sent to external servers unless configured
- Proxy credentials should be handled securely
For issues specific to this implementation:
- Check the logs in Xcode Console
- Review the Status tab for connection errors
- Verify your PAC file syntax
- Test with a simple PAC file first
This project is provided as-is for your use with your domain sokolov.me.