hendepher

Reputation: 143

Reverse Engineering question - .NET packet capture

I am working with someone who is interested in integrating a web application with a proprietary ERP client/server system. I am trying to figure out a way to reverse engineer the API calls to the server and duplicate them for the limited number of functions that I need to make the integration work.

I used Wireshark to capture some network traffic from the client side. As a PHP/Java programmer, I am not very familiar with the .NET world, so I was hoping someone here could look at the TCP stream below and point me in the right direction. Is it possible, looking at the traffic, to tell what kind of .NET client to use to communicate with this server?

.NET.............."...tcp://XXXXXXXX:nnnn/Transporter.rem........application/octet-stream..........................GetMail.mDTA.Connectivity.ITransporter, DTA.Connectivity, Version=1.0.4098.30211, Culture=neutral, PublicKeyToken=null....................System.Guid....._a._b._c._d._e._f._g._h._i._j._k........................../.1D.).`..k..

.NET.......................................................System.Collections.ObjectModel.Collection`1[[DTA.Connectivity.Messaging.Message, DTA.Connectivity, Version=1.0.4098.30211, Culture=neutral, PublicKeyToken=null]].....items...System.Collections.Generic.List`1[[DTA.Connectivity.Messaging.Message, DTA.Connectivity, Version=1.0.4098.30211, Culture=neutral, PublicKeyToken=null]]..........NDTA.Connectivity, Version=1.0.4098.30211, Culture=neutral, PublicKeyToken=null.......System.Collections.Generic.List`1[[DTA.Connectivity.Messaging.Message, DTA.Connectivity, Version=1.0.4098.30211, Culture=neutral, PublicKeyToken=null]]....._items._size._version...$DTA.Connectivity.Messaging.Message[].................................."DTA.Connectivity.Messaging.Message.....

.NET......D......."...tcp://XXXXXXXX:nnnn/Transporter.rem........application/octet-stream..........................SubmitOperation.mDTA.Connectivity.ITransporter, DTA.Connectivity, Version=1.0.4098.30211, Culture=neutral, PublicKeyToken=null........................NDTA.Connectivity, Version=1.0.4098.30211, Culture=neutral, PublicKeyToken=null.....0DTA.Connectivity.Operations.DataManagerOperation....._Type_SqlStatement._SplitAtSemicolon

Upvotes: 0

Views: 674

Answers (1)

Matthew Steeples

Reputation: 8088

It's .NET Remoting by the looks of things. This consists of serializing objects and passing them down the wire.

If the binaries for the application are available, you may be able to add them as references to your solution so that you can use the same objects and intercept some of the packets. You may have to check that you're not violating any license requirements with that, though.

Upvotes: 3
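Added example, not part of the original question or answer: a Python parser for the .NET Remoting TCP channel preamble (layout per Microsoft's MS-NRTP specification), which is the framing that carries the `.NET` magic, the `Transporter.rem` URI and the `application/octet-stream` content type visible in the capture. The sample frame, its host and port, and the names `Reader`, `parse_remoting_preamble` and `counted` are constructed for illustration.

```python
import struct

OPERATIONS = {0: "Request", 1: "OneWayRequest", 2: "Reply"}  # per MS-NRTP framing
HEADERS = {2: "StatusCode", 3: "StatusPhrase", 4: "RequestUri",
           5: "CloseConnection", 6: "ContentType"}
SCALARS = {2: "<B", 3: "<H", 4: "<i"}  # header value formats: byte, uint16, int32

class Reader:
    def __init__(self, data, pos=0):
        self.data, self.pos = data, pos
    def take(self, fmt):  # unpack one little-endian field, or fail on a short capture
        end = self.pos + struct.calcsize(fmt)
        if end > len(self.data):
            raise ValueError("truncated frame")
        start, self.pos = self.pos, end
        return struct.unpack_from(fmt, self.data, start)[0]
    def counted_string(self):  # encoding byte, 4-byte length, then the bytes
        encoding = "utf-8" if self.take("<B") == 1 else "utf-16-le"
        length = self.take("<I")  # read unsigned so a negative length fails the bounds check
        return self.take(f"<{length}s").decode(encoding, "replace")

def parse_remoting_preamble(payload):  # returns None when the ".NET" magic is absent
    if not payload.startswith(b".NET"):
        return None
    r = Reader(payload, 4)
    info = {"version": (r.take("<B"), r.take("<B")),
            "operation": OPERATIONS.get(r.take("<H"), "Unknown"),
            "chunked": r.take("<H") == 1, "headers": {}}
    info["content_length"] = None if info["chunked"] else r.take("<i")
    while (token := r.take("<H")) != 0:       # token 0 ends the header list
        if token == 1:                        # custom header: name, then value
            name = r.counted_string()
            info["headers"][name] = r.counted_string()
            continue
        fmt = r.take("<B")                    # 0 = no value, 1 = counted string
        if fmt > 4:
            raise ValueError(f"unknown header format {fmt}")
        value = (None if fmt == 0 else r.counted_string() if fmt == 1
                 else r.take(SCALARS[fmt]))
        info["headers"][HEADERS.get(token, f"Header{token}")] = value
    info["body_offset"] = r.pos               # serialized message starts here
    return info

def counted(text):  # build a UTF-8 counted string for the constructed sample
    return b"\x01" + struct.pack("<i", len(text.encode())) + text.encode()
# Constructed frame (hypothetical host and port), not bytes from the capture above.
SAMPLE = (b".NET\x01\x00" + struct.pack("<HHi", 0, 0, 0) + struct.pack("<HB", 4, 1)
          + counted("tcp://host.example:9000/Transporter.rem") + struct.pack("<HB", 6, 1)
          + counted("application/octet-stream") + struct.pack("<H", 0))
```

Run against the first payload of each TCP stream, a non-`None` result identifies the channel as .NET Remoting, and `body_offset` marks where the serialized call begins.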
