SlideShare une entreprise Scribd logo
1  sur  21
Télécharger pour lire hors ligne
Thick Client Testing Advanced
By : Foram Dave & Aman Barot
29 Feb 2020
Twitter : @iForamDave , @AmanBarot12
● Information Gathering
● Different ways to Intercept request using burp
● Binary Analysis
Agenda
Information gathering Tools
● CFF Explorer
● PEid
● Detect it Easy (DIE)
● Strings
Proxy-aware thick client
Thick client application
has built in feature to
set up proxy server
Tools
Burp Suite
Charles Proxy
Mallory
Proxy-unaware thick client
Thick client application
doesn’t have any feature to
set up proxy server
Tools
Echo Mirage
Javasnoop
Proxy aware thick client
Thick client
Thick client
➔ We need to have two machines residing in the same network. Both machines need to have Burp
Suite tool running and one machine should have Loopback Adapter Card installed.
➔ Here the machine 1 act as a gateway that forward request to the internet.
➔ And machine 2 should be used as the testing machine.
➔ In machine 1, Burp suite capture the request forwarded by the burp suite present in machine 2 and
forward to the actual server over the internet.
➔ In machine 2, listener set on loopback adapter ip address.
➔ VMWare have capability to add network adapter card so host only adapter used as testing tool for
virtual environment where network access is not available.
Different ways to Intercept thick client request
Tools For intercept request
● Burp Suite,
○ NOPE Proxy(Applicable in only burp 1.X version)
○ System Proxy
○ Burp Hidden Proxy
● Fiddler
● Echo Mirage
● Charles Web Debugging Proxy
● JavaSnoop
NoPE Proxy - Burp Extension
➢ Nope-Proxy Will intercept the request of HTTP traffic and TCP traffic as well.
➢ It will provide you same types of facilities to modify the request, parameter in
terms of repeater.
➢ It will work like burp. We can edit requests ofthick client app, We can see
history of the application.
➢ This extension has only one disadvantage that it will not work in BURP 2.O
after versions, but at the same time we can use it in a burp community version
before 2.O.
➢ For more find the ref link of github: https://github.com/summitt/Burp-Non-HTTP-Extension
System Proxy
➔ Instead of use any of the proxy you can use system proxy
to intercept the request of thick client app.
➔ If the Application is Proxy unaware thick client app.
Binary analysis
Tools for Binary Analysis
● Ghidra
● Immunity Debugger
● IDA Pro
● OllyDbg
● DnSpy
● x64dbg
Demo
Burp suite
Screen : 2
Tool : Burp Suite Proxy (Hidden proxy)
Screen : 3
Tool : Burp Suite Proxy
Screen : 4
Tool : Burp Suite Proxy
Screen : 5
Screen : 6
Tool : Burp Suite Proxy
Intercepting Traffic through Burp Hidden Proxy
Screen : 1 For Machine 1 (192.168.1.4)
Screen : 2 - Machine 2 : 169.254.155.63
Intercepting Traffic through Burp Hidden Proxy
Intercepting Traffic through Burp Hidden Proxy
Screen : 3 - For Machine 2 (192.168.18.132)
Screen : 4
Intercepting Traffic through Burp Hidden Proxy
Thank you!

Contenu connexe

Tendances

OpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-SideOpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-SideTim Burks
 
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...Ives Laaf
 
Using Redis at Facebook
Using Redis at FacebookUsing Redis at Facebook
Using Redis at FacebookRedis Labs
 
Sips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolSips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolOlle E Johansson
 
Google Authenticator, possible attacks and prevention
Google Authenticator, possible attacks and preventionGoogle Authenticator, possible attacks and prevention
Google Authenticator, possible attacks and preventionBoštjan Cigan
 
Monitoring Kafka without instrumentation using eBPF with Antón Rodríguez | Ka...
Monitoring Kafka without instrumentation using eBPF with Antón Rodríguez | Ka...Monitoring Kafka without instrumentation using eBPF with Antón Rodríguez | Ka...
Monitoring Kafka without instrumentation using eBPF with Antón Rodríguez | Ka...HostedbyConfluent
 
GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)NetProtocol Xpert
 
Nginx internals
Nginx internalsNginx internals
Nginx internalsliqiang xu
 
Query Latency Optimization with Lucene
Query Latency Optimization with LuceneQuery Latency Optimization with Lucene
Query Latency Optimization with Lucenelucenerevolution
 
Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Masahiko Sawada
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
Khái quát Kerberos
Khái quát Kerberos Khái quát Kerberos
Khái quát Kerberos Quang Vu
 
A whirlwind tour of the LLVM optimizer
A whirlwind tour of the LLVM optimizerA whirlwind tour of the LLVM optimizer
A whirlwind tour of the LLVM optimizerNikita Popov
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAIMUSTAFA SAKHAI
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniquesinbroker
 

Tendances (20)

OpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-SideOpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-Side
 
Frogger vlan hopping
Frogger vlan hoppingFrogger vlan hopping
Frogger vlan hopping
 
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
 
Using Redis at Facebook
Using Redis at FacebookUsing Redis at Facebook
Using Redis at Facebook
 
Sips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolSips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocol
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
Google Authenticator, possible attacks and prevention
Google Authenticator, possible attacks and preventionGoogle Authenticator, possible attacks and prevention
Google Authenticator, possible attacks and prevention
 
Monitoring Kafka without instrumentation using eBPF with Antón Rodríguez | Ka...
Monitoring Kafka without instrumentation using eBPF with Antón Rodríguez | Ka...Monitoring Kafka without instrumentation using eBPF with Antón Rodríguez | Ka...
Monitoring Kafka without instrumentation using eBPF with Antón Rodríguez | Ka...
 
GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)GRE (Generic Routing Encapsulation)
GRE (Generic Routing Encapsulation)
 
Nginx internals
Nginx internalsNginx internals
Nginx internals
 
Query Latency Optimization with Lucene
Query Latency Optimization with LuceneQuery Latency Optimization with Lucene
Query Latency Optimization with Lucene
 
Nginx Essential
Nginx EssentialNginx Essential
Nginx Essential
 
Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...
 
Pgp
PgpPgp
Pgp
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
Khái quát Kerberos
Khái quát Kerberos Khái quát Kerberos
Khái quát Kerberos
 
A whirlwind tour of the LLVM optimizer
A whirlwind tour of the LLVM optimizerA whirlwind tour of the LLVM optimizer
A whirlwind tour of the LLVM optimizer
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAI
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
 

Similaire à Thick Client Testing Advanced

BinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web ProxyBinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web ProxyDONGJOO HA
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Mohammed Adam
 
BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17Python0x0
 
Android pro tips trilogy
Android  pro tips trilogyAndroid  pro tips trilogy
Android pro tips trilogyVitali Pekelis
 
Update OSGi Residential Expert Group
Update OSGi Residential Expert Group Update OSGi Residential Expert Group
Update OSGi Residential Expert Group OSGiUsers
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
WebRTC: A front-end perspective
WebRTC: A front-end perspectiveWebRTC: A front-end perspective
WebRTC: A front-end perspectiveshwetank
 
P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.Kapil Sabharwal
 
Taming botnets
Taming botnetsTaming botnets
Taming botnetsf00d
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisPositive Hack Days
 
Burp Suite Cheat Sheet v1.0 - OFFENSIVE OPERATIONS - SANS -
Burp Suite Cheat Sheet v1.0  - OFFENSIVE OPERATIONS - SANS - Burp Suite Cheat Sheet v1.0  - OFFENSIVE OPERATIONS - SANS -
Burp Suite Cheat Sheet v1.0 - OFFENSIVE OPERATIONS - SANS - Muhammad FAHAD
 
Bringing Learnings from Googley Microservices with gRPC - Varun Talwar, Google
Bringing Learnings from Googley Microservices with gRPC - Varun Talwar, GoogleBringing Learnings from Googley Microservices with gRPC - Varun Talwar, Google
Bringing Learnings from Googley Microservices with gRPC - Varun Talwar, GoogleAmbassador Labs
 
Apache DeviceMap - ApacheCon core Europe 2015
Apache DeviceMap - ApacheCon core Europe 2015Apache DeviceMap - ApacheCon core Europe 2015
Apache DeviceMap - ApacheCon core Europe 2015Werner Keil
 
Developing applications with Hyperledger Fabric SDK
Developing applications with Hyperledger Fabric SDKDeveloping applications with Hyperledger Fabric SDK
Developing applications with Hyperledger Fabric SDKHorea Porutiu
 
Virtualization & Network Connectivity
Virtualization & Network Connectivity Virtualization & Network Connectivity
Virtualization & Network Connectivity itplant
 
Apache DeviceMap - ApacheCon Europe 2014
Apache DeviceMap - ApacheCon Europe 2014Apache DeviceMap - ApacheCon Europe 2014
Apache DeviceMap - ApacheCon Europe 2014Werner Keil
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...Zoltan Balazs
 

Similaire à Thick Client Testing Advanced (20)

Burpsuite 101
Burpsuite 101Burpsuite 101
Burpsuite 101
 
Burp suite
Burp suiteBurp suite
Burp suite
 
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web ProxyBinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
BinProxy: New Paradigm of Binary Analysis With Your Favorite Web Proxy
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3
 
BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17
 
Android pro tips trilogy
Android  pro tips trilogyAndroid  pro tips trilogy
Android pro tips trilogy
 
Update OSGi Residential Expert Group
Update OSGi Residential Expert Group Update OSGi Residential Expert Group
Update OSGi Residential Expert Group
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
 
WebRTC: A front-end perspective
WebRTC: A front-end perspectiveWebRTC: A front-end perspective
WebRTC: A front-end perspective
 
P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.
 
Taming botnets
Taming botnetsTaming botnets
Taming botnets
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
 
Burp Suite Cheat Sheet v1.0 - OFFENSIVE OPERATIONS - SANS -
Burp Suite Cheat Sheet v1.0  - OFFENSIVE OPERATIONS - SANS - Burp Suite Cheat Sheet v1.0  - OFFENSIVE OPERATIONS - SANS -
Burp Suite Cheat Sheet v1.0 - OFFENSIVE OPERATIONS - SANS -
 
Bringing Learnings from Googley Microservices with gRPC - Varun Talwar, Google
Bringing Learnings from Googley Microservices with gRPC - Varun Talwar, GoogleBringing Learnings from Googley Microservices with gRPC - Varun Talwar, Google
Bringing Learnings from Googley Microservices with gRPC - Varun Talwar, Google
 
Apache DeviceMap - ApacheCon core Europe 2015
Apache DeviceMap - ApacheCon core Europe 2015Apache DeviceMap - ApacheCon core Europe 2015
Apache DeviceMap - ApacheCon core Europe 2015
 
Developing applications with Hyperledger Fabric SDK
Developing applications with Hyperledger Fabric SDKDeveloping applications with Hyperledger Fabric SDK
Developing applications with Hyperledger Fabric SDK
 
Internet census 2012
Internet census 2012Internet census 2012
Internet census 2012
 
Virtualization & Network Connectivity
Virtualization & Network Connectivity Virtualization & Network Connectivity
Virtualization & Network Connectivity
 
Apache DeviceMap - ApacheCon Europe 2014
Apache DeviceMap - ApacheCon Europe 2014Apache DeviceMap - ApacheCon Europe 2014
Apache DeviceMap - ApacheCon Europe 2014
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
 

Plus de NSConclave

RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_ConclaveNSConclave
 
Create a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionCreate a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionNSConclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachNSConclave
 
Debugging Android Native Library
Debugging Android Native LibraryDebugging Android Native Library
Debugging Android Native LibraryNSConclave
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension DevelopmentNSConclave
 
Regular Expression Injection
Regular Expression InjectionRegular Expression Injection
Regular Expression InjectionNSConclave
 
HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)NSConclave
 
Node.js Deserialization
Node.js DeserializationNode.js Deserialization
Node.js DeserializationNSConclave
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain PolicyNSConclave
 
LDAP Injection
LDAP InjectionLDAP Injection
LDAP InjectionNSConclave
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization AttacksNSConclave
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql InjectionNSConclave
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing BasicsNSConclave
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahNSConclave
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
Lets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit JoshiLets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit JoshiNSConclave
 

Plus de NSConclave (20)

RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_Conclave
 
Create a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionCreate a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the Extension
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's Approach
 
Debugging Android Native Library
Debugging Android Native LibraryDebugging Android Native Library
Debugging Android Native Library
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension Development
 
Log Analysis
Log AnalysisLog Analysis
Log Analysis
 
Regular Expression Injection
Regular Expression InjectionRegular Expression Injection
Regular Expression Injection
 
HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)
 
Node.js Deserialization
Node.js DeserializationNode.js Deserialization
Node.js Deserialization
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain Policy
 
LDAP Injection
LDAP InjectionLDAP Injection
LDAP Injection
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization Attacks
 
Sandboxing
SandboxingSandboxing
Sandboxing
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql Injection
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing Basics
 
Markdown
MarkdownMarkdown
Markdown
 
Docker 101
Docker 101Docker 101
Docker 101
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren Shah
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 
Lets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit JoshiLets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit Joshi
 

Dernier

If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...
If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...
If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...Maxim Salnikov
 
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdfFlutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdfMind IT Systems
 
User Experience Designer | Kaylee Miller Resume
User Experience Designer | Kaylee Miller ResumeUser Experience Designer | Kaylee Miller Resume
User Experience Designer | Kaylee Miller ResumeKaylee Miller
 
renewable energy renewable energy renewable energy renewable energy
renewable energy renewable energy renewable energy  renewable energyrenewable energy renewable energy renewable energy  renewable energy
renewable energy renewable energy renewable energy renewable energyjeyasrig
 
Technical improvements. Reasons. Methods. Estimations. CJ
Technical improvements.  Reasons. Methods. Estimations. CJTechnical improvements.  Reasons. Methods. Estimations. CJ
Technical improvements. Reasons. Methods. Estimations. CJpolinaucc
 
BATbern52 Swisscom's Journey into Data Mesh
BATbern52 Swisscom's Journey into Data MeshBATbern52 Swisscom's Journey into Data Mesh
BATbern52 Swisscom's Journey into Data MeshBATbern
 
Mobile App Development company Houston
Mobile  App  Development  company HoustonMobile  App  Development  company Houston
Mobile App Development company Houstonjennysmithusa549
 
8 key point on optimizing web hosting services in your business.pdf
8 key point on optimizing web hosting services in your business.pdf8 key point on optimizing web hosting services in your business.pdf
8 key point on optimizing web hosting services in your business.pdfOffsiteNOC
 
8 Steps to Build a LangChain RAG Chatbot.
8 Steps to Build a LangChain RAG Chatbot.8 Steps to Build a LangChain RAG Chatbot.
8 Steps to Build a LangChain RAG Chatbot.Ritesh Kanjee
 
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...telebusocialmarketin
 
Einstein Copilot Conversational AI for your CRM.pdf
Einstein Copilot Conversational AI for your CRM.pdfEinstein Copilot Conversational AI for your CRM.pdf
Einstein Copilot Conversational AI for your CRM.pdfCloudMetic
 
VuNet software organisation powerpoint deck
VuNet software organisation powerpoint deckVuNet software organisation powerpoint deck
VuNet software organisation powerpoint deckNaval Singh
 
MinionLabs_Mr. Gokul Srinivas_Young Entrepreneur
MinionLabs_Mr. Gokul Srinivas_Young EntrepreneurMinionLabs_Mr. Gokul Srinivas_Young Entrepreneur
MinionLabs_Mr. Gokul Srinivas_Young EntrepreneurPriyadarshini T
 
Take Advantage of Mx Tracking Flight Scheduling Solutions to Streamline Your ...
Take Advantage of Mx Tracking Flight Scheduling Solutions to Streamline Your ...Take Advantage of Mx Tracking Flight Scheduling Solutions to Streamline Your ...
Take Advantage of Mx Tracking Flight Scheduling Solutions to Streamline Your ...MyFAA
 
Unlocking AI: Navigating Open Source vs. Commercial Frontiers
Unlocking AI:Navigating Open Source vs. Commercial FrontiersUnlocking AI:Navigating Open Source vs. Commercial Frontiers
Unlocking AI: Navigating Open Source vs. Commercial FrontiersRaphaël Semeteys
 
Mobile App Development process | Expert Tips
Mobile App Development process | Expert TipsMobile App Development process | Expert Tips
Mobile App Development process | Expert Tipsmichealwillson701
 
Leveling Up your Branding and Mastering MERN: Fullstack WebDev
Leveling Up your Branding and Mastering MERN: Fullstack WebDevLeveling Up your Branding and Mastering MERN: Fullstack WebDev
Leveling Up your Branding and Mastering MERN: Fullstack WebDevpmgdscunsri
 
Boost Efficiency: Sabre API Integration Made Easy
Boost Efficiency: Sabre API Integration Made EasyBoost Efficiency: Sabre API Integration Made Easy
Boost Efficiency: Sabre API Integration Made Easymichealwillson701
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleShane Coughlan
 

Dernier (20)

If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...
If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...
If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...
 
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdfFlutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
 
User Experience Designer | Kaylee Miller Resume
User Experience Designer | Kaylee Miller ResumeUser Experience Designer | Kaylee Miller Resume
User Experience Designer | Kaylee Miller Resume
 
renewable energy renewable energy renewable energy renewable energy
renewable energy renewable energy renewable energy  renewable energyrenewable energy renewable energy renewable energy  renewable energy
renewable energy renewable energy renewable energy renewable energy
 
Technical improvements. Reasons. Methods. Estimations. CJ
Technical improvements.  Reasons. Methods. Estimations. CJTechnical improvements.  Reasons. Methods. Estimations. CJ
Technical improvements. Reasons. Methods. Estimations. CJ
 
BATbern52 Swisscom's Journey into Data Mesh
BATbern52 Swisscom's Journey into Data MeshBATbern52 Swisscom's Journey into Data Mesh
BATbern52 Swisscom's Journey into Data Mesh
 
Mobile App Development company Houston
Mobile  App  Development  company HoustonMobile  App  Development  company Houston
Mobile App Development company Houston
 
8 key point on optimizing web hosting services in your business.pdf
8 key point on optimizing web hosting services in your business.pdf8 key point on optimizing web hosting services in your business.pdf
8 key point on optimizing web hosting services in your business.pdf
 
8 Steps to Build a LangChain RAG Chatbot.
8 Steps to Build a LangChain RAG Chatbot.8 Steps to Build a LangChain RAG Chatbot.
8 Steps to Build a LangChain RAG Chatbot.
 
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
 
Einstein Copilot Conversational AI for your CRM.pdf
Einstein Copilot Conversational AI for your CRM.pdfEinstein Copilot Conversational AI for your CRM.pdf
Einstein Copilot Conversational AI for your CRM.pdf
 
20140812 - OBD2 Solution
20140812 - OBD2 Solution20140812 - OBD2 Solution
20140812 - OBD2 Solution
 
VuNet software organisation powerpoint deck
VuNet software organisation powerpoint deckVuNet software organisation powerpoint deck
VuNet software organisation powerpoint deck
 
MinionLabs_Mr. Gokul Srinivas_Young Entrepreneur
MinionLabs_Mr. Gokul Srinivas_Young EntrepreneurMinionLabs_Mr. Gokul Srinivas_Young Entrepreneur
MinionLabs_Mr. Gokul Srinivas_Young Entrepreneur
 
Take Advantage of Mx Tracking Flight Scheduling Solutions to Streamline Your ...
Take Advantage of Mx Tracking Flight Scheduling Solutions to Streamline Your ...Take Advantage of Mx Tracking Flight Scheduling Solutions to Streamline Your ...
Take Advantage of Mx Tracking Flight Scheduling Solutions to Streamline Your ...
 
Unlocking AI: Navigating Open Source vs. Commercial Frontiers
Unlocking AI:Navigating Open Source vs. Commercial FrontiersUnlocking AI:Navigating Open Source vs. Commercial Frontiers
Unlocking AI: Navigating Open Source vs. Commercial Frontiers
 
Mobile App Development process | Expert Tips
Mobile App Development process | Expert TipsMobile App Development process | Expert Tips
Mobile App Development process | Expert Tips
 
Leveling Up your Branding and Mastering MERN: Fullstack WebDev
Leveling Up your Branding and Mastering MERN: Fullstack WebDevLeveling Up your Branding and Mastering MERN: Fullstack WebDev
Leveling Up your Branding and Mastering MERN: Fullstack WebDev
 
Boost Efficiency: Sabre API Integration Made Easy
Boost Efficiency: Sabre API Integration Made EasyBoost Efficiency: Sabre API Integration Made Easy
Boost Efficiency: Sabre API Integration Made Easy
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 

Thick Client Testing Advanced

  • 1. Thick Client Testing Advanced By : Foram Dave & Aman Barot 29 Feb 2020 Twitter : @iForamDave , @AmanBarot12
  • 2. ● Information Gathering ● Different ways to Intercept request using burp ● Binary Analysis Agenda
  • 3. Information gathering Tools ● CFF Explorer ● PEid ● Detect it Easy (DIE) ● Strings
  • 4. Proxy-aware thick client Thick client application has built in feature to set up proxy server Tools Burp Suite Charles Proxy Mallory Proxy-unaware thick client Thick client application doesn’t have any feature to set up proxy server Tools Echo Mirage Javasnoop
  • 7. Thick client ➔ We need to have two machines residing in the same network. Both machines need to have Burp Suite tool running and one machine should have Loopback Adapter Card installed. ➔ Here the machine 1 act as a gateway that forward request to the internet. ➔ And machine 2 should be used as the testing machine. ➔ In machine 1, Burp suite capture the request forwarded by the burp suite present in machine 2 and forward to the actual server over the internet. ➔ In machine 2, listener set on loopback adapter ip address. ➔ VMWare have capability to add network adapter card so host only adapter used as testing tool for virtual environment where network access is not available.
  • 8. Different ways to Intercept thick client request Tools For intercept request ● Burp Suite, ○ NOPE Proxy(Applicable in only burp 1.X version) ○ System Proxy ○ Burp Hidden Proxy ● Fiddler ● Echo Mirage ● Charles Web Debugging Proxy ● JavaSnoop
  • 9. NoPE Proxy - Burp Extension ➢ Nope-Proxy Will intercept the request of HTTP traffic and TCP traffic as well. ➢ It will provide you same types of facilities to modify the request, parameter in terms of repeater. ➢ It will work like burp. We can edit requests ofthick client app, We can see history of the application. ➢ This extension has only one disadvantage that it will not work in BURP 2.O after versions, but at the same time we can use it in a burp community version before 2.O. ➢ For more find the ref link of github: https://github.com/summitt/Burp-Non-HTTP-Extension
  • 10. System Proxy ➔ Instead of use any of the proxy you can use system proxy to intercept the request of thick client app. ➔ If the Application is Proxy unaware thick client app.
  • 11. Binary analysis Tools for Binary Analysis ● Ghidra ● Immunity Debugger ● IDA Pro ● OllyDbg ● DnSpy ● x64dbg
  • 13. Screen : 2 Tool : Burp Suite Proxy (Hidden proxy)
  • 14. Screen : 3 Tool : Burp Suite Proxy
  • 15. Screen : 4 Tool : Burp Suite Proxy
  • 16. Screen : 5 Screen : 6 Tool : Burp Suite Proxy
  • 17. Intercepting Traffic through Burp Hidden Proxy Screen : 1 For Machine 1 (192.168.1.4)
  • 18. Screen : 2 - Machine 2 : 169.254.155.63 Intercepting Traffic through Burp Hidden Proxy
  • 19. Intercepting Traffic through Burp Hidden Proxy Screen : 3 - For Machine 2 (192.168.18.132)
  • 20. Screen : 4 Intercepting Traffic through Burp Hidden Proxy