4. Proxy-aware thick client
Thick client application
has built in feature to
set up proxy server
Tools
Burp Suite
Charles Proxy
Mallory
Proxy-unaware thick client
Thick client application
doesn’t have any feature to
set up proxy server
Tools
Echo Mirage
Javasnoop
7. Thick client
➔ We need to have two machines residing in the same network. Both machines need to have Burp
Suite tool running and one machine should have Loopback Adapter Card installed.
➔ Here the machine 1 act as a gateway that forward request to the internet.
➔ And machine 2 should be used as the testing machine.
➔ In machine 1, Burp suite capture the request forwarded by the burp suite present in machine 2 and
forward to the actual server over the internet.
➔ In machine 2, listener set on loopback adapter ip address.
➔ VMWare have capability to add network adapter card so host only adapter used as testing tool for
virtual environment where network access is not available.
8. Different ways to Intercept thick client request
Tools For intercept request
● Burp Suite,
○ NOPE Proxy(Applicable in only burp 1.X version)
○ System Proxy
○ Burp Hidden Proxy
● Fiddler
● Echo Mirage
● Charles Web Debugging Proxy
● JavaSnoop
9. NoPE Proxy - Burp Extension
➢ Nope-Proxy Will intercept the request of HTTP traffic and TCP traffic as well.
➢ It will provide you same types of facilities to modify the request, parameter in
terms of repeater.
➢ It will work like burp. We can edit requests ofthick client app, We can see
history of the application.
➢ This extension has only one disadvantage that it will not work in BURP 2.O
after versions, but at the same time we can use it in a burp community version
before 2.O.
➢ For more find the ref link of github: https://github.com/summitt/Burp-Non-HTTP-Extension
10. System Proxy
➔ Instead of use any of the proxy you can use system proxy
to intercept the request of thick client app.
➔ If the Application is Proxy unaware thick client app.
11. Binary analysis
Tools for Binary Analysis
● Ghidra
● Immunity Debugger
● IDA Pro
● OllyDbg
● DnSpy
● x64dbg