[Owasp-delhi] Fwd: Thick client security testing

Robin Tiwari tiwari.robin at gmail.com
Tue Aug 17 08:39:07 EDT 2010


Dear Padma,

For the exe client, the Echo Mirage tool is best to intercept the data from
client to server. May I know what issue you have with this tool?





  On Tue, Aug 17, 2010 at 12:40 PM, <padmasriramiyer at hsbc.co.in> wrote:

>
> Firstly, thanks all for the quick responses.
>
> I tried Echo Mirage, Wireshark and ITR, but the scope became very limited. I
> would definitely try out the other options suggested.
>
> I found another tool, JavaSnoop, but I think we can only snoop a jar file.
> My app is an exe client. Has anybody worked on it? Any suggestions about it?
>
>
> Best regards,
> *Padma Sriram Iyer*
> Senior Security Analyst
> GLT Information Security Risk
> HSBC Technology and Services - Global Technology
> _______________________________________________________________________
>
> Phone.     91 20 6642 2285
> Tieline.     71 91 20 2285
> Email.       *padmasriramiyer at hsbc.co.in* <padmasriramiyer at hsbc.co.in>
> _______________________________________________________________________
>
>
> From: Dharmesh M Mehta <Dharmesh.Mehta at mastek.com>
> To: Padma Sriram IYER/ITD GLT/HSDI/HSBC at HSBC03, "owasp-delhi at lists.owasp.org" <owasp-delhi at lists.owasp.org>
> Date: 17/08/10 04:47 PM
> Subject: RE: [Owasp-delhi] Thick client security testing
> ------------------------------
>
>
>
> Hi Padma,
>
> I have personally found the Echo Mirage tool useful for security testing of a
> thick client application.
> Like a proxy tool for testing web applications, Echo Mirage can be used to
> intercept and modify the request from the client to the server and perform
> most of your validation related attacks.
>
>
> Thanks & Regards,
>
> Dharmesh Mehta, CISSP
> Security Specialist - Technology Engineering & Consulting Group
> Mastek Ltd | MNDC, MBP Mahape, Navi Mumbai, India | (T) 91 22 6791 4646
> Extn - 5469 | Mobile: 91 9730002132
> *http://smartsecurity.blogspot.com* <http://smartsecurity.blogspot.com/>
>
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] *On Behalf Of* padmasriramiyer at hsbc.co.in
> *Sent:* Tuesday, August 17, 2010 10:11 AM
> *To:* owasp-delhi at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org
> *Subject:* [Owasp-delhi] Thick client security testing
>
>
> Hi guys,
>
> Can anyone please guide me on how to proceed with security testing of a Java
> application, i.e. a thick client?
>
>
> Best regards,
> *Padma Sriram Iyer*
> Senior Security Analyst
> GLT Information Security Risk
> HSBC Technology and Services - Global Technology
> _______________________________________________________________________
>
> Phone.     91 20 6642 2285
> Tieline.     71 91 20 2285
> Email.       *padmasriramiyer at hsbc.co.in* <padmasriramiyer at hsbc.co.in>
> _______________________________________________________________________
>
> ************************************************************
> HSBC Software Development (India) Pvt Ltd
> HSBC Center Riverside,West Avenue ,
> 25 B Kalyani Nagar Pune  411 006 INDIA
>
> Telephone: +91 20 26683000
> Fax: +91 20 26681030
> ************************************************************
>


-- 
Thanks & Regards

Robin Tiwari
Security Analyst



