1

I know of a WPF application that whenever I try and open any Proxy debugging tool, e.g. Fiddler, Charles Proxy, Proxyman.io etc... I get this:

this

Does anyone know how I can recreate this in my WPF application. Is there a 3rd party app or a nuget that can do this. I know that I can constantly be looking for a file with those names, but someone could either rename the Applications or use another which I do not know about.

Stefan
  • 17,448
  • 11
  • 60
  • 79
holygrail654
  • 21
  • 4
  • So, you want to detect whether or not a proxy is enabled? – Stefan Jun 27 '20 at 13:30
  • Yes. So if the user opens a debugging proxy, it will shut down the application – holygrail654 Jun 27 '20 at 13:37
  • I think its in the system paramater somewhere. Try ti search on proxy settings in C#, surely yhere must be something availabe – Stefan Jun 27 '20 at 14:21
  • It's more tricky than I thought. When does the popup comes? Directly after starting the proxy? If so, the must be some eventhandler invoked. – Stefan Jun 27 '20 at 15:48
  • If you have a copy of this app, you could try a decompiler like reflector and search for that string. See how they did it. Btw. You know lots of businesses have internal proxy servers? – Andy Jun 28 '20 at 19:36
  • @Stefan the popup pops up whenever I open up a debugging proxy, no matter what state the app is in, it pops the message and immediately shuts the application. Andy, the application is obfuscated using DNGuard which is a pain and almost impossible to deobfuscate manually and the one unpacker for it was only for 32bit systems so unfortunately, I was unable to run it. To answer your second question, I am quite aware of businesses having internal proxy servers but I want to know if there is a way to do it in C# or at least a way to know whether someone is proxy debugging. – holygrail654 Jun 28 '20 at 20:33

2 Answers2

1

For anyone interested, I did find a semi-solution. My overall goal was to stop people doing a Man-in-the-middle attack with programs such as Fiddler and Charles which can decrypt HTTPS IF you accept their certificate on your device. I was able to achieve this using SSL Pinning, using the Public Key for the specific site certificate I wanted and comparing to whether it matches the one I have stored beforehand and during runtime. I won't post any code, as it can be found in a series of different StackOverflow questions such as this and as it does not directly answer my original question found above. Although, I hope that this method does help some of you wondering how to tackle this.

holygrail654
  • 21
  • 4
0

The first thing that comes to mind is to define a Design Mode and create an exception or change other behavior. See the DesignerProperties.GetIsInDesignMode Method in Is there a DesignMode property in WPF?.

EldHasp
  • 6,079
  • 2
  • 9
  • 24