[Owasp-delhi] Fwd: Thick client security testing

ronnie johndas ronnie.johndas at gmail.com
Wed Aug 18 06:52:35 EDT 2010


Hi Robin,

These are some of the problem with the tool:

1. Multithread communication : many thread sending data, makes it impossible
to find the packet to edit,
there maybe one thread that works like a poller if a timeout occurs on that
thread because u are busy editing value in packet sent from some other
thread it halts the process.

2. U can only change values in the assigned buffer, if the intercepted data
is 10 bytes u can't make it send 11 bytes.

3. Uses API hooking, because of that is very crash prone.
the best and reliable way is to put break points using a debugger on
(ws2_32.dll) open and recieve functions and edit the values before it sends,
using a debugger all the three above problems gets solved. Gives u leg space
to inject ur data.

Ollydbg,pydbg,immunity is a good debugger, u can write scipts in them to
automate what ever ur trying.

On Tue, Aug 17, 2010 at 6:09 PM, Robin Tiwari <tiwari.robin at gmail.com>wrote:

>
>
>
> Dear Padma;
>
> For the exe client , the echo mirage tool is best to intercept the data
> from client to server. May i know what is issue with this tool with you ?
>
>
>
>
>
>   On Tue, Aug 17, 2010 at 12:40 PM, <padmasriramiyer at hsbc.co.in> wrote:
>
>>
>> Firstly thanks All for the quick responses.
>>
>> I tried Echo Mirage, wireshark and ITR, but scope became very limited. I
>> would definitely try out the other options suggested.
>>
>> I found another tool JavaSnoop, but i think we can only snoop a jar file.
>> My app is an exe client. Has anybody worked on it? Any suggestions about it?
>>
>>
>> Best regards,
>> *Padma Sriram Iyer*
>> Senior Security Analyst
>> GLT Information Security Risk
>> HSBC Technology and Services - Global Technology
>> _______________________________________________________________________
>>
>> Phone.     91 20 6642 2285
>> Tieline.     71 91 20 2285
>> Email.       *padmasriramiyer at hsbc.co.in* <padmasriramiyer at hsbc.co.in>
>> _______________________________________________________________________
>>
>>
>>   From: Dharmesh M Mehta <Dharmesh.Mehta at mastek.com> To: Padma Sriram
>> IYER/ITD GLT/HSDI/HSBC at HSBC03, "owasp-delhi at lists.owasp.org" <
>> owasp-delhi at lists.owasp.org> Date: 17/08/10 04:47 PM Subject: RE:
>> [Owasp-delhi] Thick client security testing
>> ------------------------------
>>
>>
>>
>> Hi Padma,
>>
>> I have personally found Echo Mirage tool useful for security testing of a
>> thick client application.
>> Like a proxy tool for testing web application, Echo Mirage can be used to
>> intercept and modify the request from the client to the server and perform
>> most of your validation related attacks.
>>
>>
>> Thanks & Regards,
>>
>> Dharmesh Mehta, CISSP
>> Security Specialist - Technology Engineering & Consulting Group
>> Mastek Ltd | MNDC, MBP Mahape, Navi Mumbai, India | (T) 91 22 6791 4646
>> Extn - 5469 | Mobile: 91 9730002132
>> *http://smartsecurity.blogspot.com* <http://smartsecurity.blogspot.com/>
>>
>> *From:* owasp-delhi-bounces at lists.owasp.org [
>> mailto:owasp-delhi-bounces at lists.owasp.org<owasp-delhi-bounces at lists.owasp.org>]
>> *On Behalf Of *padmasriramiyer at hsbc.co.in*
>> Sent:* Tuesday, August 17, 2010 10:11 AM*
>> To:* owasp-delhi at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org*
>> Subject:* [Owasp-delhi] Thick client security testing
>>
>>
>> Hi guys,
>>
>> Can anyone please guide me how to proceed with security testing of Java
>> application i.e. a thick client?
>>
>>
>> Best regards, *
>> Padma Sriram Iyer*
>> Senior Security Analyst
>> GLT Information Security Risk
>> HSBC Technology and Services - Global Technology
>> _______________________________________________________________________
>>
>> Phone.     91 20 6642 2285
>> Tieline.     71 91 20 2285
>> Email.       *padmasriramiyer at hsbc.co.in* <padmasriramiyer at hsbc.co.in>
>> _______________________________________________________________________
>>
>> ************************************************************
>> HSBC Software Development (India) Pvt Ltd
>> HSBC Center Riverside,West Avenue ,
>> 25 B Kalyani Nagar Pune  411 006 INDIA
>>
>> Telephone: +91 20 26683000
>> Fax: +91 20 26681030
>> ************************************************************
>> -----------------------------------------
>> ******************************************************************* This
>> e-mail is confidential. It may also be legally privileged. If you are not
>> the addressee you may not copy, forward, disclose or use any part of it. If
>> you have received this message in error, please delete it and all copies
>> from your system and notify the sender immediately by return e-mail.
>> Internet communications cannot be guaranteed to be timely, secure, error or
>> virus-free. The sender does not accept liability for any errors or
>> omissions.
>> ******************************************************************* "SAVE
>> PAPER - THINK BEFORE YOU PRINT!"
>>
>>
>>
>>
>>
>>
>> MASTEK LTD.
>> In the US, we're called MAJESCOMASTEK
>>
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Opinions expressed in this e-mail are those of the individual and not that
>> of Mastek Limited, unless specifically indicated to that effect. Mastek
>> Limited does not accept any responsibility or liability for it. This e-mail
>> and attachments (if any) transmitted with it are confidential and/or
>> privileged and solely for the use of the intended person or entity to which
>> it is addressed. Any review, re-transmission, dissemination or other use of
>> or taking of any action in reliance upon this information by persons or
>> entities other than the intended recipient is prohibited. This e-mail and
>> its attachments have been scanned for the presence of computer viruses. It
>> is the responsibility of the recipient to run the virus check on e-mails and
>> attachments before opening them. If you have received this e-mail in error,
>> kindly delete this e-mail from desktop and server.
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> ------------------------------
>>
>>  *******************************************************************
>> This message originated from the Internet. Its originator may or may not
>> be who
>> they claim to be and the information contained in the message and any
>> attachments may or may not be accurate.
>> *******************************************************************
>>
>>
>>
>> ************************************************************
>> HSBC Software Development (India) Pvt Ltd
>> HSBC Center Riverside,West Avenue ,
>> 25 B Kalyani Nagar Pune  411 006 INDIA
>>
>> Telephone: +91 20 26683000
>> Fax: +91 20 26681030
>> ************************************************************
>> -----------------------------------------
>> ******************************************************************* This
>> e-mail is confidential. It may also be legally privileged. If you are not
>> the addressee you may not copy, forward, disclose or use any part of it. If
>> you have received this message in error, please delete it and all copies
>> from your system and notify the sender immediately by return e-mail.
>> Internet communications cannot be guaranteed to be timely, secure, error or
>> virus-free. The sender does not accept liability for any errors or
>> omissions.
>> ******************************************************************* "SAVE
>> PAPER - THINK BEFORE YOU PRINT!"
>>
>>
>> _______________________________________________
>> Owasp-delhi mailing list
>> Owasp-delhi at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>>
>>
>
>
> --
> Thanks & Regards
>
> Robin Tiwari
> Security Anlayst
>
>
>
>
> --
> Thanks & Regards
>
> Robin Tiwari
> Security Anlayst
>
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>


-- 
Thanks and Regards

Ronnie Johndas
Application Security Analyst
Honeywell Tech Solutions Lab
Bangalore

Blog:
http://appsecbyre.blogspot.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100818/9289f95f/attachment.html 


More information about the Owasp-delhi mailing list