Researchers have demonstrated how a design flaw affecting most operating systems and web browsers can be exploited to exfiltrate HTTPS URLs and conduct various types of malicious activities. The attack relies on proxy auto-config (PAC) files, which specify how web browsers and other user agents handle HTTP, HTTPS and FTP traffic.”
Read more here:
http://www.securityweek.com/hackers-can-intercept-https-urls-proxy-attacks