Securing Request Data in .NET Framework C# Application

I have created a .NET Forms application. I send a request to the web API using the HTTP client. The request data is visible and can be altered by injecting into or hooking the application's process using the Echo Mirage tool. How can I prevent this issue in a .NET Framework application written in C#?
16 Replies
SCShocked from Human Resources
Client cert isn't as secure apparently
MODiX (3mo ago)
TeBeCo
and if a computer is compromised to the point you can inject the software you're fucked anyway
SCShocked from Human Resources
Wym :SCfeet:
SCShocked from Human Resources
I don't understand :SCgetoutofmyhead:
Vignesh Krishnan
If I enable TLS in the client application, the issue still occurs. Is there any way to detect or prevent the hooking or injecting of the application from the client machine by adding a reference in C# code?
leowest (3mo ago)
try pinning the certificate so it would avoid a MITM from trying to replace the original and providing u its own copy
Vignesh Krishnan
Still, the HTTP request is visible. I think the Echo Mirage tool is reading the memory of the application that is running in the process. So, can anyone suggest any idea, DLL, or sample code to detect unauthorized hooking or injecting in the .NET Framework application process?
leowest (3mo ago)
if it injects into ws2_32 in order to intercept the data and replaces the certificate, with a pinned certificate it would fail; it would further have to have knowledge of the pinning to also replace it, as well as its location. if it works like wireshark, then same thing, it would still not be able to bypass the pinning. so as long as it does not modify the application itself, it would not bypass the pinning. Pinning is a process that ensures the certificate and its chain all match. in order to intercept ssl they need to do 2 things: 1, receive the public certificate from the server, proxy that between the client and send the client a fake ca made by echo, and it then proxies the communication. so pinning would fail on echo's certificate because it would not match the chains. but yes, no matter what application, .net, c++ etc, if u deliver it to the client then you're at risk of misuse of your app, and if they have the knowledge then they can remove the pin as well just as easy. it's all a matter of how valuable the app is vs the person having the time and will to do so.