Windows Update through a SOCKS proxy

Windows Update is a tricky thing. Smile It can use a proxy server (see one of my previous posts on this), but it won't use the same proxy as you've set in "Control Panel" / "Internet Options" (aka. IE's proxy settings). Windows XP has a "hidden" HTTP service (it's actually a driver visible in "Device Manager" under "Non-Plug and Play Drivers") and Windows Update uses this service to access Microsoft's servers. To set a proxy for this service, you've to use the proxycfg command line program. However setting a SOCKS proxy won't take any effect (at least it did not for me, neither for airwin). But there're ways to get around this. Smile

I've found two methods.

  1. Windows Update does work through a HTTP proxy, thus you could use a local HTTP proxy that supports chaining to SOCKS proxies. You could set Windows Update with proxycfg to use the local HTTP proxy, and set the HTTP proxy to use the given SOCKS proxy. There're a few such tools. Eg. Privoxy can do this ... or you could pick any HTTP proxy and use a "sockisfier" to add SOCKS capabilities to it (there're quite a few ... eg. free ones are FreeCap, Hummingbird SOCKS client, SocksCap ... a commercial one is ProxyCap).

  2. You can use a "low-level" socksifier that can add SOCKS capability even to Windows services. For this one to work the socksifier program has to load before the first service loads that uses svchost.exe (the "Generic Host Process for Win32 Services"), since an instance of this executable tries to connect to MS's webservers, when you start the Windows Update process. One program capable of socksifying svchost.exe (aka. Windows services) is WideCap. It comes from the developer of FreeCap, but he rewrote the whole thing. WideCap hijacks Winsock (the socket subsystem of Windows networking), thus it's like a virtual network driver on top of Windows' TCP stack. It can redirect all TCP connections to a SOCKS server right from the start ... including all Windows services. However this tool is shareware (you can use it for free only in a 30-day trial period) and due to a small design glitch you've to hack its settings a little bit to make it socksify the services running through svchost.exe. The problem is that WideCap stores all of its settings in the user's registry that installed the application. You've to set up WideCap, export the program's registry from the current user's tree to disk (it's HKEY_CURRENT_USER\Software\Bert's Software\WideCap for me), replace the registry key pathes with the path of the SYSTEM user's registry (it's HKEY_USERS\S-1-5-18\Software\Bert's Software\WideCap for me) and import it back to the Windows registry. The SYSTEM user comes into the game, because the given svchost.exe (that makes the connection to the MS Windows Update servers) runs with SYSTEM's credentials ... thus when the service (svchost.exe) starts, the WideCap driver will have access only to SYSTEM's registry. This method is definitely not for novice users. However I'm happy to have learnt about WideCap, it's a very nice piece of software ... a sort of Swiss army knife for socksifying programs ... even Windows services. Smile
P.S.: you might want to check out this Wiki page for some other socks proxies and socksifiers.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Problems with Privoxy

According to this forum topic Privoxy does not support HTTP methods like PUT and PROPFIND. This limits the spectrum of usable, SOCK capable proxy servers even more.

Saved my day, thanks!

Thank you very much. This is the last piece of puzzle I needed to get my Microsoft Update to work behind the firewall!

My final setup:
- PuTTY back to home, with tunneling configured as D8888 (dynamic, source port 8888).
- Privoxy chains HTTP/HTTPS proxy requests to PuTTY: forward-socks5 / 127.0.0.1:8888 .
- Have IE use 127.0.0.1:8118 (privoxy proxy) as the proxy server.

Now all worked!

Re: Saved my day, thanks!

You're welcome. Smile

I have found that Widecap is

I have found that Widecap is not compatible with Google Chrome, and stops Chrome from working.

use super socks5cap

get it from http://www.networktunnel.net, work fine with vista/win7/x64

Re: use super socks5cap

Seems to be viable. But unfortunately it's not for free.