Proxying electron apps

[parsiya]

• https://voidsec.com/instrumenting-electron-app/
• https://www.contextis.com/en/blog/basic-electron-framework-exploitation
  • Modifying app.asar and adding proxy settings.
• Chromium switches (these do not work if passed to bundled applications).
  • https://electronjs.org/docs/api/chrome-command-line-switches
• Are these different?
  • https://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-settings

// app.commandLine.appendSwitch('proxy-server', 'http://127.0.0.1:8090');
// app.commandLine.appendSwitch('ignore-certificate-errors', 'true');
// app.commandLine.appendSwitch('allow-insecure-localhost', 'true');

app.on('ready', function() {

  mainWindow = new BrowserWindow({ width: 1024, height: 728 });
  mainWindow.webContents.session.setProxy({proxyRules:"http=localhost:8090;https=localhost:8090"}, function() {mainWindow.loadURL('file://' + __dirname + '/app/app.html');});

  electron.session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => {
    details.requestHeaders['Origin'] = 'electron://graphiql-app';
    callback({ cancel: false, requestHeaders: details.requestHeaders });
  });

Did not work

• Changing the WinINET proxy settings (also known as internet explorer proxy settings) which is the closest Windows has to a system-wide proxy settings. This is what Chrome desktop (and many other Electron apps) use.
• Passing --proxy-server to the GraphiQL executable command line.
  • Seems like this does not work with bundled applications.
• Extracting app.asar, adding the command line parameters for a proxy to main.js before app.on('ready'. Then repacking app.asar and running GraphiQL.

app.commandLine.appendSwitch('proxy-server', '127.0.0.1:8090');
app.commandLine.appendSwitch('ignore-certificate-errors', 'true');
app.commandLine.appendSwitch('allow-insecure-localhost', 'true');

app.on('ready', function() {

[parsiya]

Did not work, in main.js

  electron.session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => {
    details.requestHeaders['Origin'] = 'electron://graphiql-app';
    callback({ cancel: false, requestHeaders: details.requestHeaders });
  });

  electron.session.defaultSession.setProxy({proxyRules:"http=localhost:8090;https=localhost:8090"}, function() {});

[parsiya]

Seems like we might need to look inside app.js and manually mess with the ClientRequest going out.

[parsiya]

Find a good example and try it. I think GraphiQL was not a good example. We need practical stuff. Might be hard because most consumer Electron apps honor the system proxy settings.