1

I am debugging my own application, so please avoid legal advices,

I am new to reverse engineering. I want to know, if it is possible to change application network request path. Let's suppose, my application is making API call to this server https://example.com, can someone change it to https://fake.com by reverse engineering(without source code).

My application is written in C#/.Net WPF. To prevent decompiling, I used .Net-Reactor to convert it to native code

Yohofik
  • 23
  • 4

1 Answers1

2

It is possible, even without touching your code at all.

The hacker can hook Winsock APIs like connect() or gethostbyname() by various means. There is also a Windows feature called Layered Socket Providers (LSP) that allow doing the same. Finally, this can be done by routing means even on different machine through which the network traffic passes.

To verify that you have connected to authentic server you have to use cryptographic means, like SSL/TLS protocols.

arrowd
  • 33,231
  • 8
  • 79
  • 110
  • Thanks for answering! I am using SSL protocols in my application. Is it possible to change request path even if I am using SSL protocols – Yohofik Apr 07 '21 at 10:55
  • 1
    Yes it is, but it is pointless, as no one will be able to decrypt the traffic, so there is no sense in doing that. – arrowd Apr 07 '21 at 11:52