In a recent ISC diary, Rob VandenBrink explains how to make the traffic of a Windows executable visible by directing it through a proxy with Proxifier, a tool that lets you create per-executable rules such as “send traffic from abc[.]exe to proxy A” or “send everything else direct,” where each rule's target can be Direct or a SOCKS5 proxy. He details a scenario using Burp Suite Pro running locally as the proxy, and demonstrates how to apply a rule that sends traffic from curl[.]exe to the proxy while keeping all other traffic direct.
The post walks through setting up Proxifier’s proxy, defining per-executable rules, and observing real-time transaction data in Proxifier and Burp, noting that this approach reveals the “business” of the traffic that is often hidden in a packet capture. It also highlights that Proxifier can generate a configurable log file, with options for what appears in the logs and where they’re sent. The author describes the method as a life-saver for his investigations and invites others to share experiences or similar tools in the comments.
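As an added illustration of what a local proxy sees once a Proxifier rule routes a single executable to it (this is example code written for this summary, not code from the diary, Proxifier or Burp): a Python parser for the SOCKS5 greeting and CONNECT request defined in RFC 1928, the message types a SOCKS5 listener receives for every connection the rule-matched program opens. The executable name and the request bytes are constructed sample input; the `handle_stream` helper and its log format are this example's own, not anything Proxifier produces.

```python
"""Decode the SOCKS5 messages a local proxy listener receives (RFC 1928).

When an application is forced through a SOCKS5 proxy, the proxy learns the
destination host and port of every connection, including hostnames that would
only appear as resolved IPs in a packet capture. This module parses those
messages so a defender can log them per executable.
"""
import ipaddress
import struct

SOCKS_VERSION = 0x05
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def parse_greeting(data: bytes) -> list:
    """Return the authentication methods offered: VER NMETHODS METHODS..."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 greeting")
    n_methods = data[1]
    if len(data) != 2 + n_methods:
        raise ValueError("method list length mismatch")
    return list(data[2:])


def greeting_reply(method: int = 0x00) -> bytes:
    """Server selects a method; 0x00 is 'no authentication required'."""
    return bytes([SOCKS_VERSION, method])


def parse_request(data: bytes) -> dict:
    """Decode VER CMD RSV ATYP DST.ADDR DST.PORT into a dict."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    cmd, rsv, atyp = data[1], data[2], data[3]
    if rsv != 0x00:
        raise ValueError("reserved byte must be zero")
    pos = 4
    if atyp == ATYP_IPV4:
        raw = data[pos:pos + 4]
        if len(raw) != 4:
            raise ValueError("truncated IPv4 address")
        host, pos = str(ipaddress.IPv4Address(raw)), pos + 4
    elif atyp == ATYP_DOMAIN:
        # Domain form carries the name the client did NOT resolve locally,
        # which is exactly the detail a packet capture of the direct path lacks.
        if len(data) < pos + 1:
            raise ValueError("truncated domain length")
        name_len = data[pos]
        pos += 1
        raw = data[pos:pos + name_len]
        if len(raw) != name_len:
            raise ValueError("truncated domain name")
        host, pos = raw.decode("ascii"), pos + name_len
    elif atyp == ATYP_IPV6:
        raw = data[pos:pos + 16]
        if len(raw) != 16:
            raise ValueError("truncated IPv6 address")
        host, pos = str(ipaddress.IPv6Address(raw)), pos + 16
    else:
        raise ValueError(f"unknown address type 0x{atyp:02x}")
    if len(data) != pos + 2:
        raise ValueError("bad request length (missing or trailing bytes)")
    port = struct.unpack("!H", data[pos:pos + 2])[0]
    return {"command": CMD_NAMES.get(cmd, f"0x{cmd:02x}"),
            "atyp": atyp, "host": host, "port": port}


def request_reply(success: bool = True) -> bytes:
    """Reply: VER REP RSV ATYP BND.ADDR BND.PORT (0.0.0.0:0 is acceptable)."""
    rep = 0x00 if success else 0x01  # 0x01 = general SOCKS server failure
    return bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4, 0, 0, 0, 0, 0, 0])


def handle_stream(exe: str, greeting: bytes, request: bytes) -> dict:
    """Simulate one client stream: validate both messages, produce replies
    and a log line naming the executable the proxy rule matched (hypothetical
    log format for this example)."""
    methods = parse_greeting(greeting)
    if 0x00 not in methods:
        raise ValueError("client does not offer no-auth; refuse")
    req = parse_request(request)
    line = f"{exe} -> {req['command']} {req['host']}:{req['port']}"
    return {"greeting_reply": greeting_reply(), "request_reply": request_reply(),
            "request": req, "log": line}


if __name__ == "__main__":
    # Constructed sample: curl.exe asks the proxy to CONNECT to isc.sans.edu:443
    sample_greeting = b"\x05\x01\x00"
    sample_request = b"\x05\x01\x00\x03" + bytes([12]) + b"isc.sans.edu" + b"\x01\xbb"
    print(handle_stream("curl.exe", sample_greeting, sample_request)["log"])
```

The domain address type is the interesting branch: when the client lets the proxy resolve names, the listener records the hostname the program actually asked for, which is the kind of detail the diary describes as hidden in a raw packet capture.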