.NET applications use a configuration file to read some settings. It's an XML file named
They usually use WinINET or IE proxy settings. Sometimes they do not. We can either use an application specific config file or use one for the whole .NET framework.
Look inside the decompiled code (or just grep the binary files) for references to
System.Configuration MSDN-page. Applications use
WebConfigurationManager classes to access these settings.
Application specific config file.
Add these settings (
configuration is already present in existing config files):
<configuration> <system.net> <defaultProxy enabled = "true" [true|false] useDefaultCredentials = "false" [true|false] > <bypasslist> <add address = "" [String, Required, Collection Key] /> </bypasslist> <module type = "" [String] /> <proxy autoDetect = "Unspecified" [False | True | Unspecified] scriptLocation = "" bypassonlocal = "Unspecified" [False | True | Unspecified] // whitelist proxyaddress = "" // proxy address usesystemdefault = "Unspecified" [False | True | Unspecified] // IE proxy settings /> </defaultProxy> </system.net> </configuration>
proxyaddress are mutually exclusive. I think you can have both but I am not sure about the behavior.
<configuration> <system.net> <defaultProxy> <proxy proxyaddress="http://127.0.0.1:8080" bypassonlocal="true" /> <bypasslist> <add address="[a-z]+\.contoso\.com" /> </bypasslist> </defaultProxy> </system.net> </configuration>
proxy addresseven if you are using an HTTPS proxy like Burp, it will proxy TLS.
- If IE proxy settings are not working then
usesystemdefaultis useless for you as it does the same thing. For Windows services it will not work because proxy settings are per-user by default and different for the account running the service.
Use tools like Process Monitor to detect if the application is looking for this or any other configuration files.
.NET Framework Machine Configuration File
We can use a similar config file for the entire machine. Meaning any application running via that .NET framework will use those settings (honoring them is another matter but standard libraries usually do).
Important note: You need to change the config for both 32 and 64-bit frameworks (Framework|Framework64) and each version (e.g. 2, 3 or 4) separately.
For example for 64-bit .NET Framework 4.x (anything 4.x is under 4):
To learn more about the config file (which is really recommended) see file
machine.config.comments in the same location. It has comments and examples. Read those.