From Newsgroup: alt.msdos.batch

Tutorial: Windows batch scripts to synchronize proxies & allow pass thru

MY OPINION:
a. Windows sucks on proxies.
b. Firefox sucks on proxies.
c. Chromium sucks on proxies.

UPDATE:

To be clear, I never touched this stuff until Epic Privacy Browser died on
me in early July so all this is completely new to me for building a socks5 proxy that is FAST and FREE and requires no registration (for privacy).
A. The beauty of socks5 is it's fast.
B. The beauty of VPN is it's complete.

There's no reason you can'd to both.
1. First run socks5 and then VPN, or,
2. F\irst run VPN and then socks5.

Ask me how I know that it works. :)

Anyway, I spent all day cleaning up the flow, so I decided to post my
latest update (as of today - which is how I spent my vacation) below.

I hope this helps others, although it's complicated stuff only
because Windows, Mozilla & Chromium can't get their act together.

Plus, Google, Amazon & Microsoft pissed all over my proxy setup.
(They hate us having privacy it seems.)

If only Windows didn't suck so bad with proxies this would be easier.
And if only Mozilla & Chromium didn't suck so bad with proxies too.

Sigh.
All this work is because Mozilla & Chromium & Windows sucks for proxies.

Anyway, I'm ready for bed so here's my log file update for today's work.
<https://psiphon.ca/>
<https://psiphon.ca/en/download-store.html?psiphonca>
Name: psiphon3.exe
Size: 10402576 bytes (10158 KiB)
SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2

Install location C:\apps\network\proxy\{psiphon,sockscap,freecap}\
Software archives C:\software\network\proxy\{psiphon,sockscap,freecap}\
Pullout menu C:\menus\network\proxy\{psiphon,sockscap,freecap}\

Once you run psiphon3 free socks proxy, you start thinking of all the ways Windows sucks at proxies, and then you try to fix each of those ways.

Sigh.

Below is what took me all day today to build a modular proxy control system that handles all three Windows proxy layers: WinINET, WinHTTP, and PAC/AutoDetect. It launches Psiphon, waits for proxy ports to initialize,
and then runs pac.cmd to sync everything.

Because they hate encryption, the PAC file bypasses Gmail, Amazon, &
Copilot domains, while routing all other traffic through Psiphon's SOCKS
proxy.

These scripts support diagnostic modes, silent execution, & full reset functionality. Since I love the Windows "App Paths" registry key, I've also optionally integrated App Paths for seamless Win+R launching, and included clear usage instructions, versioning, and logging.

It might not be perfect, but I designed it to be portable, maintainable, & extensible. I'm sure there is more to do, but I'm done for today. ================================================================
Step 1: Launch Psiphon
Step 2: Wait for proxy ports to initialize
Step 3: It will then run pac.cmd to sync WinHTTP & apply PAC
Optionally run proxy.cmd for diagnostics & configuration ================================================================
To run "proxy.cmd" using the Windows taskbar-pinned "Win+R" RunBox:
Runbox > pac
Which calls the named App Paths key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe
Default=C:\data\sys\apppath\link\pac.lnk

Rightclick C:\data\sys\apppath\link\pac.lnk > Properties
TARGET=C:\Windows\System32\cmd.exe /c "C:\data\sys\batch\pac.cmd" ================================================================
To run "pac.cmd" using the Windows taskbar-pinned "Win+R" RunBox:
Runbox > pac
Which calls the named App Paths key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe
Default=C:\data\sys\apppath\link\pac.lnk

Rightclick C:\data\sys\apppath\link\pac.lnk > Properties
TARGET=C:\Windows\System32\cmd.exe /c "C:\data\sys\batch\pac.cmd" ================================================================
psiphon3.lnk
TARGET=C:\data\sys\batch\psiphon-launch.cmd

Win+R > gvim C:\data\sys\batch\psiphon-launch.cmd

@echo off
REM psiphon-launch.cmd v1.1 iX 20250901
REM Launch psiphon3.exe freeware & apply 3-way proxy sync/PAC
REM C:\data\sys\batch\psiphon-launch.cmd
REM Step 1: Launch Psiphon (which only syncs 1 of 3 Windows proxy types)
REM Step 2: Wait for proxy ports to initialize
REM Step 3: Run PAC setup (sync + PAC logic)
REM Note there are 3 different Windows proxy types. Sigh.
REM Type 1: WinINET iX used by IE, Edge (legacy), MS Office & most apps
REM Type 2: WinHTTP iX used by system services like Windows Update
REM Type 3: PAC/AutoDetect iX used by browsers like Chrome, Edge, & Firefox
REM (but Mozilla browsers have to be set first to respect system proxies).

if not exist "C:\app\network\psiphon\psiphon3.exe" (
echo ERROR: Psiphon executable not found.
exit /b
)

start "" "C:\app\network\psiphon\psiphon3.exe"

REM Wait a few seconds for Psiphon to initialize
timeout /t 5 /nobreak >nul

if not exist "C:\data\sys\batch\pac.cmd" (
echo ERROR: pac.cmd not found.
exit /b
)

REM Run PAC setup silently
start "" "C:\data\sys\batch\pac.cmd" /silent

================================================================
Win+R > gvim C:\data\sys\batch\proxy.pac

/* proxy.pac v1.0 iX 20250901
Bypasses proxy for:
- *.google.com, *.gmail.com, *.amazon.com
- *.copilot.microsoft.com
All other traffic routed through SOCKS proxy at 127.0.0.1:1080
*/

function FindProxyForURL(url, host) {
// Bypass Gmail and Google services
if (shExpMatch(host, "*.google.com") ||
shExpMatch(host, "*.gmail.com") ||
shExpMatch(host, "mail.google.com")) {
return "DIRECT";
}

// Bypass Amazon
if (shExpMatch(host, "*.amazon.com") ||
shExpMatch(host, "amazon.com")) {
return "DIRECT";
}

// Bypass Microsoft Copilot-related domains
if (shExpMatch(host, "*.copilot.microsoft.com") ||
shExpMatch(host, "*.bing.com") ||
shExpMatch(host, "*.microsoft.com")) {
return "DIRECT";
}

// Everything else goes through Psiphon SOCKS proxy
return "SOCKS 127.0.0.1:1080";
}

================================================================
Win+R > gvim C:\data\sys\batch\pac.cmd

@echo off
REM pac.cmd v1.5 iX 20250901
REM Sync WinHTTP proxy & apply PAC logic for selective domain bypass
REM Used after Psiphon starts to align all three Windows proxy layers
REM ---------------------------------------------------------------
REM Step 1: Sync WinINET proxy into WinHTTP (used by system services)
REM Step 2: Apply PAC script & enable Auto-Detect (used by browsers)
REM ---------------------------------------------------------------
REM Usage:
REM pac Sync WinHTTP & apply PAC
REM pac /silent Suppress final pause
REM pac /status Show current proxy settings
REM pac /test Run diagnostics only
REM pac /nopac Disable PAC & Auto-Detect
REM pac /help Show usage instructions
REM ---------------------------------------------------------------

REM --- /help flag: show usage instructions ---
if /i "%~1"=="/help" (
echo Usage:
echo pac Sync WinHTTP & apply PAC
echo pac /silent Suppress final pause
echo pac /status Show current proxy settings
echo pac /test Run diagnostics only
echo pac /nopac Disable PAC & Auto-Detect
echo pac /help Show usage instructions
exit /b
)

REM --- Log start ---
echo [%DATE% %TIME%] Running pac.cmd >> C:\data\sys\logs\proxy.log

REM --- Check for proxy.cmd ---
if not exist "C:\data\sys\batch\proxy.cmd" (
echo ERROR: proxy.cmd not found.
exit /b
)

REM --- /status: show proxy diagnostics only ---
if /i "%~1"=="/status" (
start "" "C:\data\sys\batch\proxy.cmd" /silent /status
exit
)

REM --- /test: alias for /status ---
if /i "%~1"=="/test" (
echo Running proxy diagnostics only...
start "" "C:\data\sys\batch\proxy.cmd" /silent /status
exit
)

REM --- /nopac: disable PAC & Auto-Detect ---
if /i "%~1"=="/nopac" (
echo Disabling PAC & Auto-Detect...
start "" "C:\data\sys\batch\proxy.cmd" /silent /nopac
exit
)

REM --- Step 1: Sync WinINET into WinHTTP ---
echo Running proxy sync...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c \"C:\data\sys\batch\proxy.cmd\" /sync' -NoNewWindow -Wait"

REM --- Step 2: Apply PAC logic ---
echo Applying PAC logic...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c \"C:\data\sys\batch\proxy.cmd\" http://127.0.0.1/proxy.pac' -NoNewWindow
-Wait"

REM --- PAC summary for user ---
echo PAC logic: Bypassing proxy for Gmail, Amazon, & Copilot domains.
echo All other traffic routed through SOCKS proxy at 127.0.0.1:1080

REM --- Final pause unless /silent ---
if /i "%~1"=="/silent" (
exit
)

echo.
echo Press Enter to close...
pause >nul
exit


================================================================
Win+R > gvim C:\data\sys\batch\proxy.cmd

@echo off
REM proxy.cmd v1.8 iX 20250901
REM Unified Windows proxy diagnostic + configuration tool
REM Supports: WinINET proxy, WinHTTP proxy, PAC/AutoDetect
REM ---------------------------------------------------------------
REM Usage:
REM Win+R > proxy Run normally
REM Win+R > proxy /help Show usage instructions
REM Win+R > proxy /sync Sync WinINET proxy into WinHTTP
REM Win+R > proxy http://url.pac Set PAC URL
REM Win+R > proxy /nopac Disable PAC & Auto-Detect
REM Win+R > proxy /status Check status only
REM Win+R > proxy /reset Clear all proxy settings
REM Win+R > proxy /silent Suppress final pause
REM Win+R > proxy /silent /sync Combine flags
REM ---------------------------------------------------------------
REM Proxy Types:
REM Type 1: WinINET iX used by IE, Edge (legacy), MS Office & most apps
REM Type 2: WinHTTP iX used by system services like Windows Update
REM Type 3: PAC/AutoDetect iX used by Chrome, Edge, & optionally Firefox
REM Firefox must be set to "Use system proxy settings" to honor PAC
REM ---------------------------------------------------------------

REM --- /help flag: show usage instructions ---
if /i "%~1"=="/help" (
echo Usage:
echo proxy Run normally
echo proxy /sync Sync WinINET proxy into WinHTTP
echo proxy http://... Set PAC URL
echo proxy /nopac Disable PAC & Auto-Detect
echo proxy /status Show current proxy settings
echo proxy /reset Clear all proxy settings
echo proxy /silent ... Suppress final pause
exit /b
)

REM --- Log command to proxy.log ---
set LOG=C:\data\sys\logs\proxy.log
echo [%DATE% %TIME%] %cmdcmdline% >> %LOG%

REM --- Begin scoped environment ---
setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

REM --- Detect /silent flag & shift argument list ---
if /i "%~1"=="/silent" (
set SILENT=1
shift
)

REM --- /reset: clear all proxy settings ---
if /i "%~1"=="/reset" (
echo Resetting all proxy settings...
reg delete %KEY% /v ProxyEnable /f >nul 2>&1
reg delete %KEY% /v ProxyServer /f >nul 2>&1
reg delete %KEY% /v AutoConfigURL /f >nul 2>&1
reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
netsh winhttp reset proxy >nul 2>&1
echo All proxy settings cleared.
goto SHOWCONFIG
)

REM --- /status: show current proxy configuration ---
if /i "%~1"=="/status" (
echo Displaying current proxy configuration...
goto SHOWCONFIG
)

REM --- /sync: copy WinINET proxy into WinHTTP ---
if /i "%~1"=="/sync" (
echo Syncing WinINET proxy into WinHTTP...
netsh winhttp import proxy source=ie
echo Done.
goto SHOWCONFIG
)

REM --- /nopac: disable PAC & Auto-Detect ---
if /i "%~1"=="/nopac" (
echo Disabling PAC & Auto-Detect...
reg delete %KEY% /v AutoConfigURL /f >nul 2>&1
reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
echo PAC & Auto-Detect disabled.
goto SHOWCONFIG
)

REM --- Set PAC URL if provided ---
if not "%~1"=="" (
echo Setting PAC script URL: %~1
reg add %KEY% /v AutoConfigURL /t REG_SZ /d %~1 /f >nul
reg add %KEY% /v AutoDetect /t REG_DWORD /d 1 /f >nul
)

REM --- Diagnostic output block ---
:SHOWCONFIG
echo ==============================================
echo WINDOWS PROXY CONFIGURATION SET/CHECK/FIX
echo ==============================================

REM --- WinINET proxy status ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul')
do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul')
do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy status ---
echo.
echo [2] WinHTTP proxy (system/background services)
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr
/R /C:"Proxy Server(s)"') do set curWinHTTP=%%B
set curWinHTTP=%curWinHTTP:~1%
if "%curWinHTTP%"=="" (
echo No WinHTTP proxy set iX importing from WinINET...
netsh winhttp import proxy source=ie >nul 2>&1
) else (
echo WinHTTP proxy already set iX leaving as is.
)
netsh winhttp show proxy

REM --- PAC / AutoDetect status ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL

nul') do set PACurl=%%B

for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul')
do set AutoDetect=%%B
if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

REM --- PAC logic summary if using proxy.pac ---
if /i "%PACurl%"=="http://127.0.0.1/proxy.pac" (
echo PAC logic: Bypassing proxy for Gmail, Amazon, & Copilot domains.
echo All other traffic routed through SOCKS proxy at 127.0.0.1:1080
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Windows proxy set/check/fix complete.
echo ==============================================

endlocal

REM --- Final pause unless /silent ---
if not defined SILENT (
echo.
echo Press Enter to close...
pause >nul
)
exit

================================================================
--- Synchronet 3.21a-Linux NewsLink 1.2