Proxy tool for thick client application testing

Jaya Kumar

unread,

Aug 28, 2015, 9:07:06 AM8/28/15

to null

Hello Null,

I am looking for an alternative proxy tool for echo mirage(as it is getting hang for few applications) for thick client application testing. i tried to install burp proxy for thick client, but i couldn't configure it properly for thick client application even though i followed procedure mentioned in the below links,

1. https://www.trustwave.com/Resources/SpiderLabs-Blog/%E2%80%9CReversing%E2%80%9D-Non-Proxy-Aware-HTTPS-Thick-Clients-w/-Burp/

2. http://blog.portswigger.net/2009/04/intercepting-thick-client.html

3. https://portswigger.net/burp/help/proxy_options_invisible.html

4.https://blog.netspi.com/pentesting-java-thick-applications-with-burp-jdser/( didn't follow this link as my application is not java based application)

please let me know if any one have used burp for thick client application testing.

Highly appreciate the responses :)

Thanks,

Jay

sandeep venkatesan

unread,

Aug 28, 2015, 11:21:59 AM8/28/15

to null-...@googlegroups.com

Hey Jay,

Yes you can use burp suite, but the thing is need to find the host of that thick app client. Instead of using burp suite you can use mallory proxy (https://askkhan.wordpress.com/2012/12/18/mallory-proxy/) by configuring two vm's one with mallory NAT and HOST mode and the other VM with HOST mode.

Regards

Sandeep V

--
______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
______________________________________________________________________________
Do you trust your hardware?
http://hardwear.io
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
Visit this group at http://groups.google.com/group/null-co-in.
For more options, visit https://groups.google.com/d/optout.

Akash

unread,

Aug 28, 2015, 11:31:05 PM8/28/15

to null-...@googlegroups.com

Burp Suite works well for thick clients if all the requests you want to capture are going to the same origin server.

What is the error you are facing?

I recommend that you troubleshoot with Wireshark to see what is happening to your requests and responses.

--
______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
______________________________________________________________________________
Do you trust your hardware?
http://hardwear.io
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
Visit this group at http://groups.google.com/group/null-co-in.
For more options, visit https://groups.google.com/d/optout.

--

Warm regards,
Akash Mahajan

That Web Application Security Guy | +91 99 805 271 82
akashm.com | @makash on twitter | linkd.in/webappsecguy
OWASP Bangalore Chapter Lead | null Community Manager

Reply all

Reply to author

Forward