Parsia's Den

Because no one wants to be the other guy from Wham!

Oct 8, 2017 - 4 minute read - Comments - Thick Client Proxying Windows Service

Thick Client Proxying - Part 8 - Notes on Proxying Windows Services

These are my notes about proxying Windows services, which are run from a different account (usually LocalSystem).

Proxy settings are usually configured per user and are not applicable to Windows services.

If you have to proxy a Windows service, here are some of the things you can try (and hope they work).

There are also some issues when using netsh to set WinHTTP proxies for 32-bit applications on Windows 7 64-bit.

Oct 7, 2017 - 2 minute read - Comments - Thick Client Proxying .NET Framework

Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File

.NET applications use a configuration file to read some settings. It’s an XML file named applicationName.exe.config.

They usually use WinINET or IE proxy settings. Sometimes they do not. We can either use an application-specific config file or use one for the whole .NET Framework.

Look inside the decompiled code (or just grep the binary files) for references to System.Configuration. Applications use the ConfigurationManager and WebConfigurationManager classes to access these settings.

Sep 21, 2017 - 11 minute read - Comments - Razer Comms Thick Client Proxying

Razer Comms

A couple of years ago I looked at Razer Comms. I found a bunch of stuff that I never reported or pursued. I discovered the application is now retired so I am publishing these.

I did not look very hard but Razer Comms was essentially a webapp running via the Chromium Embedded Framework. There were no checks on channel authorizations. You could read every channel including passworded ones.

You can find my notes at https://github.com/parsiya/Random-Notes/tree/master/razercomms.

Jul 28, 2016 - 14 minute read - Comments - Thick Client Proxying Proxy

Thick Client Proxying - Part 6: How HTTP(s) Proxies Work

In order to create our own custom proxies, first we need to know how proxies work. When I wanted to write a custom proxy tool (it’s a simple Python script) in Hipchat part 3, I had to go back and learn how they work. I did not find such a resource online that looked at proxies from an infosec perspective. Most talked about how to configure caching or forwarding proxies and not much about MitM ones. I have briefly talked about it in section 2 of the same post, named "How does a Proxy Work?". In this post I am going to take a deep(er) dive. I actually read some RFCs and they were surprisingly well written.

If you want to skip the intro, go to section 3.