[Owasp-delhi] Fwd: Thick client security testing

padmasriramiyer at hsbc.co.in padmasriramiyer at hsbc.co.in
Wed Aug 18 06:44:38 EDT 2010


Yes ... Echo Mirage is the one which works for exe files, and it works on 
my application as well, but the limitation remains the same as Nilesh has 
pointed out.


Best regards,
Padma Sriram Iyer 




From: nileshkumar83 at gmail.com
To: Robin Tiwari <tiwari.robin at gmail.com>
Cc: owasp-delhi at lists.owasp.org
Date: 18/08/10 03:57 PM
Subject: Re: [Owasp-delhi] Fwd: Thick client security testing
Sent by: owasp-delhi-bounces at lists.owasp.org



Yes, EchoMirage is a good tool for interception. The problem with the tool is 
that your payloads can't exceed the size of the original 
variable. That doesn't give the flexibility to try longer payloads. The 
size is fixed.
Correct me if I am wrong.

On Tue, Aug 17, 2010 at 6:09 PM, Robin Tiwari <tiwari.robin at gmail.com> 
wrote:



Dear Padma,
 
For the exe client, the Echo Mirage tool is best to intercept the data 
from client to server. May I know what issue you have with this tool?
 
 


 
On Tue, Aug 17, 2010 at 12:40 PM, <padmasriramiyer at hsbc.co.in> wrote:

Firstly, thanks all for the quick responses. 

I tried Echo Mirage, Wireshark and ITR, but the scope became very limited. I 
would definitely try out the other options suggested. 

I found another tool, JavaSnoop, but I think we can only snoop a jar file. 
My app is an exe client. Has anybody worked on it? Any suggestions about 
it? 


Best regards, 
Padma Sriram Iyer 
Senior Security Analyst 
GLT Information Security Risk 
HSBC Technology and Services - Global Technology 
_______________________________________________________________________

Phone.     91 20 6642 2285
Tieline.     71 91 20 2285 
Email.       padmasriramiyer at hsbc.co.in 
_______________________________________________________________________ 


From: Dharmesh M Mehta <Dharmesh.Mehta at mastek.com>
To: Padma Sriram IYER/ITD GLT/HSDI/HSBC at HSBC03, "owasp-delhi at lists.owasp.org" <owasp-delhi at lists.owasp.org>
Date: 17/08/10 04:47 PM
Subject: RE: [Owasp-delhi] Thick client security testing





Hi Padma, 
  
I have personally found the Echo Mirage tool useful for security testing of a 
thick client application. 
Like a proxy tool for testing web applications, Echo Mirage can be used to 
intercept and modify the request from the client to the server and perform 
most of your validation related attacks. 
  
  
Thanks & Regards, 
  
Dharmesh Mehta, CISSP 
Security Specialist - Technology Engineering & Consulting Group 
Mastek Ltd | MNDC, MBP Mahape, Navi Mumbai, India | (T) 91 22 6791 4646 
Extn - 5469 | Mobile: 91 9730002132 
http://smartsecurity.blogspot.com 
  
From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of padmasriramiyer at hsbc.co.in
Sent: Tuesday, August 17, 2010 10:11 AM
To: owasp-delhi at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org
Subject: [Owasp-delhi] Thick client security testing 
  

Hi guys, 

Can anyone please guide me on how to proceed with security testing of a Java 
application, i.e. a thick client? 


Best regards, 
Padma Sriram Iyer 
Senior Security Analyst 
GLT Information Security Risk 
HSBC Technology and Services - Global Technology 
_______________________________________________________________________

Phone.     91 20 6642 2285
Tieline.     71 91 20 2285 
Email.       padmasriramiyer at hsbc.co.in 
_______________________________________________________________________

************************************************************
HSBC Software Development (India) Pvt Ltd
HSBC Center Riverside,West Avenue ,
25 B Kalyani Nagar Pune  411 006 INDIA

Telephone: +91 20 26683000
Fax: +91 20 26681030
************************************************************
----------------------------------------- 
******************************************************************* This 
e-mail is confidential. It may also be legally privileged. If you are not 
the addressee you may not copy, forward, disclose or use any part of it. 
If you have received this message in error, please delete it and all 
copies from your system and notify the sender immediately by return 
e-mail. Internet communications cannot be guaranteed to be timely, secure, 
error or virus-free. The sender does not accept liability for any errors 
or omissions. 
******************************************************************* "SAVE 
PAPER - THINK BEFORE YOU PRINT!" 



  


MASTEK LTD.
In the US, we're called MAJESCOMASTEK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Opinions expressed in this e-mail are those of the individual and not that 
of Mastek Limited, unless specifically indicated to that effect. Mastek 
Limited does not accept any responsibility or liability for it. This 
e-mail and attachments (if any) transmitted with it are confidential 
and/or privileged and solely for the use of the intended person or entity 
to which it is addressed. Any review, re-transmission, dissemination or 
other use of or taking of any action in reliance upon this information by 
persons or entities other than the intended recipient is prohibited. This 
e-mail and its attachments have been scanned for the presence of computer 
viruses. It is the responsibility of the recipient to run the virus check 
on e-mails and attachments before opening them. If you have received this 
e-mail in error, kindly delete this e-mail from desktop and server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

******************************************************************
This message originated from the Internet. Its originator may or may not 
be who
they claim to be and the information contained in the message and any
attachments may or may not be accurate.
****************************************************************** 



_______________________________________________
Owasp-delhi mailing list
Owasp-delhi at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi




-- 
Thanks & Regards

Robin Tiwari
Security Analyst










-- 
Thanks & Regards,
Nilesh Kumar,
Engineer-Security Analyst
http://nileshkumar83.blogspot.com
http://linkedin.com/in/nileshkumar83 
Mobile- +91-9019076487
                                    Honeywell
Honeywell Technology Solutions Lab





