[Owasp-delhi] Fwd: Thick client security testing

nileshkumar83 at gmail.com nileshkumar83 at gmail.com
Wed Aug 18 06:18:20 EDT 2010


Yes, EchoMirage is a good tool for interception. The problem with the tool is
that your payloads can't exceed the size of the original
variable. That doesn't give the flexibility to try longer payloads. The size
is fixed.
Correct me if I am wrong.

On Tue, Aug 17, 2010 at 6:09 PM, Robin Tiwari <tiwari.robin at gmail.com> wrote:

>
> Dear Padma,
>
> For the exe client, the Echo Mirage tool is best to intercept the data
> from client to server. May I know what issue you have with this tool?
>
>   On Tue, Aug 17, 2010 at 12:40 PM, <padmasriramiyer at hsbc.co.in> wrote:
>
>>
>> Firstly, thanks all for the quick responses.
>>
>> I tried Echo Mirage, Wireshark and ITR, but the scope became very limited. I
>> would definitely try out the other options suggested.
>>
>> I found another tool, JavaSnoop, but I think we can only snoop a jar file.
>> My app is an exe client. Has anybody worked on it? Any suggestions about it?
>>
>>
>> Best regards,
>> *Padma Sriram Iyer*
>> Senior Security Analyst
>> GLT Information Security Risk
>> HSBC Technology and Services - Global Technology
>> _______________________________________________________________________
>>
>> Phone.     91 20 6642 2285
>> Tieline.     71 91 20 2285
>> Email.       *padmasriramiyer at hsbc.co.in* <padmasriramiyer at hsbc.co.in>
>> _______________________________________________________________________
>>
>>
>> From: Dharmesh M Mehta <Dharmesh.Mehta at mastek.com>
>> To: Padma Sriram IYER/ITD GLT/HSDI/HSBC at HSBC03, "owasp-delhi at lists.owasp.org" <owasp-delhi at lists.owasp.org>
>> Date: 17/08/10 04:47 PM
>> Subject: RE: [Owasp-delhi] Thick client security testing
>> ------------------------------
>>
>>
>>
>> Hi Padma,
>>
>> I have personally found the Echo Mirage tool useful for security testing of a
>> thick client application.
>> Like a proxy tool for testing web applications, Echo Mirage can be used to
>> intercept and modify the request from the client to the server and perform
>> most of your validation-related attacks.
>>
>>
>> Thanks & Regards,
>>
>> Dharmesh Mehta, CISSP
>> Security Specialist - Technology Engineering & Consulting Group
>> Mastek Ltd | MNDC, MBP Mahape, Navi Mumbai, India | (T) 91 22 6791 4646
>> Extn - 5469 | Mobile: 91 9730002132
>> *http://smartsecurity.blogspot.com* <http://smartsecurity.blogspot.com/>
>>
>> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] *On Behalf Of* padmasriramiyer at hsbc.co.in
>> *Sent:* Tuesday, August 17, 2010 10:11 AM
>> *To:* owasp-delhi at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org
>> *Subject:* [Owasp-delhi] Thick client security testing
>>
>>
>> Hi guys,
>>
>> Can anyone please guide me on how to proceed with security testing of a Java
>> application, i.e. a thick client?
>>
>>
>> Best regards,
>> *Padma Sriram Iyer*
>> _______________________________________________
>> Owasp-delhi mailing list
>> Owasp-delhi at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>>
>>
>
>
> --
> Thanks & Regards
>
> Robin Tiwari
> Security Analyst


-- 
Thanks & Regards,
Nilesh Kumar,
Engineer-Security Analyst
http://nileshkumar83.blogspot.com
http://linkedin.com/in/nileshkumar83
Mobile- +91-9019076487
*Honeywell*
Honeywell Technology Solutions Lab