.NET Remoting - 1.0

Extension ID

com.castsoftware.dotnet.remoting

What’s new?

Description

This extension provides support for .NET Remoting APIs, which are responsible for hosting and receiving objects in .NET applications. If your C# application utilizes .NET Remoting and you want to modelize the communication—such as hosting and receiving—through appropriate objects and links, you should install this extension.

Supported libraries

Library	Supported
System.Runtime.Remoting	✅

Function Point, Quality and Sizing support

Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist

Function Points (transactions)	Quality and Sizing
❌	❌

Compatibility

Core release	Operating System	Supported
8.4.x	Microsoft Windows / Linux	✅
8.3.x	Microsoft Windows	✅

Dependencies with other extensions

Some CAST extensions require the presence of other CAST extensions in order to function correctly. This extension requires that the following other CAST extensions are also installed (this will be managed automatically):

Download and installation instructions

The extension will not be automatically downloaded and installed. If you need to use it, you should manually install the extension.

What results can you expect?

Objects

Icon	Description
	DotNet Remoting Server
	DotNet Remoting Client

Links

Link Type	Source and Destination of link	Supported APIs
callLink	callLink between the Server object method and the caller C#	Server APIs System.Runtime.Remoting.RemotingConfiguration.RegisterWellKnownServiceType System.Runtime.Remoting.RemotingServices.Marshal System.Runtime.Remoting.RemotingConfiguration.Configure
callLink	callLink between the caller C# method and the client object	Receiver APIs System.Activator.GetObject System.Runtime.Remoting.RemotingServices.Connect System.Runtime.Remoting.RemotingConfiguration.Configure

Example code scenarios

System.Runtime.Remoting

Server APIs

using RemotableObjects;
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Http;
using System.Runtime.Serialization.Formatters;

namespace VulnerableDotNetHTTPRemotingServer
{
    class VulnerableServer
    {
        static void Main(string[] args)
        {
            
            SoapServerFormatterSinkProvider soapServerFormatterSinkProvider = new SoapServerFormatterSinkProvider()
            {
                TypeFilterLevel = TypeFilterLevel.Full 
            };

            IDictionary hashtables = new Hashtable();
            hashtables["port"] = 1234;
            hashtables["proxyName"] = null;
            hashtables["name"] = "Test Remoting Services";

            HttpChannel serverChannel = new HttpChannel(hashtables, null, soapServerFormatterSinkProvider);
            
            ChannelServices.RegisterChannel(serverChannel, false);

			RemotingConfiguration.RegisterWellKnownServiceType(typeof(RemoteObject1), "VulnerableEndpoint.rem", WellKnownObjectMode.Singleton);

            Console.WriteLine("Press ENTER to exit the server.");
            Console.ReadLine();
            Console.WriteLine("The server is exiting.");
        }

    }

}

Client APIs

using RemotableObjects;
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Http;
using System.Runtime.Serialization.Formatters;

namespace VulnerableDotNetHTTPRemotingClient
{
    class Client
    {
        static void Main(string[] args)
        {

            String serverAddress = "http://localhost:8080/VulnerableEndpoint.rem"; // to proxy them in Burp - redirecting it to localhost:1234 with "Support invisible proxying"

            IDictionary props = new Hashtable();
            SoapClientFormatterSinkProvider clientProvider = new SoapClientFormatterSinkProvider();
            SoapServerFormatterSinkProvider serverProvider = new SoapServerFormatterSinkProvider()
            {
                TypeFilterLevel = TypeFilterLevel.Low 
            };

            props["name"] = "ClientChannel";
            props["portName"] = Guid.NewGuid().ToString();
            props["typeFilterLevel"] = "Low";
            props["port"] = 0;

            HttpChannel clientChannel = new HttpChannel(props, clientProvider, serverProvider);

            // Register the channel.
            ChannelServices.RegisterChannel(clientChannel, false);

            RemotingConfiguration.RegisterWellKnownClientType(new WellKnownClientTypeEntry(typeof(RemoteObject1), serverAddress));
           

            RemoteObject1 obj1 = (RemoteObject1)Activator.GetObject(typeof(RemoteObject1), serverAddress);

            try
            {
                Console.WriteLine("Calling GetCount - received: {0}", obj1.GetCount());

                Console.WriteLine("Calling EchoMe - Received: {0}", obj1.EchoMe("This is my text for echo!"));

                Console.WriteLine("Calling GetCount - received: {0}", obj1.GetCount());
            }
            catch(Exception e)
            {
                Console.WriteLine(e.StackTrace);
            }

            Console.WriteLine("Press ENTER to exit the client.");
            Console.ReadLine();
            Console.WriteLine("The client is exiting.");
        }
    }
}

Dotnet Sender and Receiver

When the service name matches for both the server and client, a callLink will be established between the server object and the client object: