Within a corporate network, system administrators usually allow employees to access the internet through a proxy server. The proxy server usually improves performance and security, and monitors web traffic entering and leaving the corporate network. WPAD is a technique that is used on client machines to discover the URL of a configuration file via DHCP discovery methods. Once a client machine discovers a file, it is downloaded on the client machine and executed. The script will determine the proxy for the client.
In this exercise, we are going to use Responder on Kali Linux to capture a victim's user credentials. Before we begin, the following topology will be used in this exercise:
![](https://static.packt-cdn.com/products/9781789611809/graphics/assets/a7842e6c-9ab1-4437-bf96-745ea27cd2cd.png)
Using the following steps, we will be able to easily exploit WPAD in a Windows environment:
- Ensure...