1

I have an app where library is making a Http Request. I don't have any control over this. I need to hook in to the request and place a header in to the request for authentication purposes. Is there a way to hook in to an event so as to see outgoing requests, and potentially alter them before they are sent to the server?

I'm currently using Silverlight, but any examples in .NET, UWP, or .NET Core would also be great.

Christian Findlay
  • 6,770
  • 5
  • 51
  • 103

1 Answers1

1

You can use fiddler to capture network traffic or potentially the F12 developer tools of the browser (Network tab) if your app uses the browser.

If you need to capture and modify a request of an external component on a C# (Windows Application) level it is a bit more tricky. You will need to work at a low level; for example if the applications sits on IIS you can write an ISAPI filter and impliment an HttpHandler to override and modify the request.

If it is a windows service or just a normal exe, well your options are more limited. Please explain further.

Look at this post:

How to intercept packets sent by a application and check what they have?

Community
  • 1
  • 1
Shawn J. Molloy
  • 2,457
  • 5
  • 41
  • 59
  • Yes. I know. But, I need to do this at the C# level. This isn't to see the traffic going backward and forward in an ad hoc way. The library is sending a request without an authentication header. The library is essentially wrong. I was wondering if Silverlight or .NET have a way of being able to hook in to Http request events so as to be able to manipulate them. I know this is a long shot because it's probably a security hole, but just throwing it out there... – Christian Findlay Dec 14 '16 at 23:44
  • Thanks. You're a lot closer this time around, but ISAPI filters are not what I mean. I'm not trying to intercept the packet on the server side. I'm trying to intercept a Request that is going to be sent before it is sent on the client side (Silverlight to be exact). Pcap, and SharpPcap look interesting though. I will look in to those. – Christian Findlay Dec 15 '16 at 01:31
  • To be precise, the Request I want to intercept is from the Silverlight call Application.Current.CheckAndDownloadUpdateAsync(). It just requests the Xap package from the server as an ordinary file, but the server will not accept the request without a header for authentication. – Christian Findlay Dec 15 '16 at 01:33
  • Do you have access to this method (Application.Current.CheckAndDownloadUpdateAsync())? If so, you can hook up an event delegate to it, and by subscribing to the event return a modified Request object that operates on the header making the nessesary changes. This is similar to how authentication frameworks like OWIN work - they add stuff to the host header. – Shawn J. Molloy Dec 16 '16 at 21:17
  • You can possibly make a silverlight project that consumes the silverlight control you want to override and then intercept the method that way also. Or even a WPF app might be able to consume a silverlight control which would give you even greater control. I guess my question is do you have the source code? – Shawn J. Molloy Dec 16 '16 at 21:18
  • I think the answer to my original question is no. I doubt that we get access to the Http pipeline on the client-side. It's a shame really. However, I suppose, if the client code uses an IoC container to create Http clients, it would be possible to hook in and add the header. But, even then, calls to external APIs probably wouldn't use the DI – Christian Findlay May 26 '20 at 21:16