Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to Snoop proof your wpf application?

Snoop allows you to look inside the application and change element properties. Its a great asset for developers, but can be a security issue in some cases, like when we have users who like to look in places where they shouldn't be looking. Is there a way to do something to block applications like Snoop from "snooping" your application?

And if there is no way to block it, what do you recommend to do to minimize security risks?

Snoop is a utility that allows you browse visual tree of a wpf application and view and change properties. Its very useful when you are trying to debug something and have no idea what is going on. You can find more here.

Thank you.

like image 389
chiefanov Avatar asked Oct 20 '10 20:10

chiefanov


People also ask

How to use snoop for WPF?

Simple press ctrl-shift and hover around your app. Elements of your app will highlight with a red border. Once you've found your widget, simple release the keys and your item will remain selected for modification in Snoop.

What is Snoop WPF?

Snoop is an open source WPF spying utility originally created by Pete Blois and is currently maintained by Bastian Schmidt. It allows you to spy/browse the visual, logical and automation tree of any running WPF application (without the need for a debugger).

What is Snoop tool?

Snoop is an open source tool available which allows you to browse the visual tree of a running WPF application without the need for a debugger and change properties. Download WPF Snoop from GitHub.


2 Answers

There actually is a way to detect whether your application is being "snooped" by the snoop program. The solution I will give is not a silver bullet, and if someone really wants to snoop your application, they'd have to modify the snoop source code (it's an open source project).

What snoop actually does is it injects an assembly into your application, and the injected assembly recursively examines your applications visual tree starting at the root. In other words, snoop actually runs inside your application. That being said, the solution is to raise an event when the snoop assembly is injected into your application.

First, you need to subscribe to the assembly-loaded event somewhere in your application (preferably the begginging):

AppDomain.CurrentDomain.AssemblyLoad += new AssemblyLoadEventHandler(CurrentDomain_AssemblyLoad); 

Then, you would implement the handler somewhat like this:

        void CurrentDomain_AssemblyLoad(object sender, AssemblyLoadEventArgs args)     {         if (args.LoadedAssembly.FullName.StartsWith("ManagedInjector"))             MessageBox.Show("hey you, stop snooping");//and shut down your application.     } 

You would probably need to enhance this solution for real silver-bullet solution, but at least this solution will definitely stop the current latest version of snoop being run as is (without the code modified). The better solution would be to check that no external assemblies are being injected into your application.

However, Kent is still right in the fact that a utility like Snoop should not cause any security vulnerabilities since security should not be implemented at the UI level. But at least this shows you how to prevent people from "snooping" your application.

like image 64
Maciek Avatar answered Oct 02 '22 23:10

Maciek


By implementing security properly. If your "security" can be thwarted with a tool like Snoop, then you're doing it wrong.

Suppose there's a command that only certain users can execute. It sounds like the only place you're enforcing this is at the UI level (by disabling the corresponding button, for example). That being the case, you're right - I could easily use Snoop to enable the button and execute the command. But you should be enforcing the security constraints on your server, or perhaps in your command execution logic if you have no server. Basically, security should be implemented as close to the thing you're trying to protect as possible. Security at the UI level is merely for convenience of the user.

like image 43
Kent Boogaart Avatar answered Oct 03 '22 00:10

Kent Boogaart