Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File
source link: https://parsiya.net/blog/2017-10-07-thick-client-proxying-part-7-proxying-.net-applications-via-config-file/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Oct 7, 2017 - 2 minute read - Comments - Thick Client Proxying .NET Framework
Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File
.NET applications use a configuration file to read some settings. It's an XML file named applicationName.exe.config.
They usually use WinINET or IE proxy settings. Sometimes they do not. We can either use an application specific config file or use one for the whole .NET framework.
Look inside the decompiled code (or just grep the binary files) for references to System.Configuration MSDN-page. Applications use ConfigurationManager and WebConfigurationManager classes to access these settings.
Application specific config file.
Add these settings (configuration is already present in existing config files):
<configuration>
<system.net>
<defaultProxy
enabled = "true" [true|false]
useDefaultCredentials = "false" [true|false]
>
<bypasslist>
<add
address = "" [String, Required, Collection Key]
/>
</bypasslist>
<module
type = "" [String]
/>
<proxy
autoDetect = "Unspecified" [False | True | Unspecified]
scriptLocation = ""
bypassonlocal = "Unspecified" [False | True | Unspecified] // whitelist
proxyaddress = "" // proxy address
usesystemdefault = "Unspecified" [False | True | Unspecified] // IE proxy settings
/>
</defaultProxy>
</system.net>
</configuration> Note usesystemdefault and proxyaddress are mutually exclusive. I think you can have both but I am not sure about the behavior.
For example:
<configuration>
<system.net>
<defaultProxy>
<proxy
proxyaddress="http://127.0.0.1:8080"
bypassonlocal="true"
/>
<bypasslist>
<add address="[a-z]+\.contoso\.com" />
</bypasslist>
</defaultProxy>
</system.net>
</configuration> - Keep
http://inproxy addresseven if you are using an HTTPS proxy like Burp, it will proxy TLS. - If IE proxy settings are not working then
usesystemdefaultis useless for you as it does the same thing. For Windows services it will not work because proxy settings are per-user by default and different for the account running the service.
Use tools like Process Monitor to detect if the application is looking for this or any other configuration files.
.NET Framework Machine Configuration File
We can use a similar config file for the entire machine. Meaning any application running via that .NET framework will use those settings (honoring them is another matter but standard libraries usually do).
Location is %WINDIR%\Microsoft.NET\Framework|Framework64\[version]\Config\machine.config.
Important note: You need to change the config for both 32 and 64-bit frameworks (Framework|Framework64) and each version (e.g. 2, 3 or 4) separately.
For example for 64-bit .NET Framework 4.x (anything 4.x is under 4):
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config
To learn more about the config file (which is really recommended) see file machine.config.comments in the same location. It has comments and examples. Read those.
Posted by Parsia Oct 7, 2017 Tags: .NET
Razer Comms Thick Client Proxying - Part 8 - Notes on Proxying Windows Services
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK