Re: [WEB SECURITY] HTTP Proxy for thick clients

From: Huan Chi (ktriv3di@msn.com)
Date: Tue Aug 28 2007 - 14:38:06 EDT


Thanks guys for the suggesstion. I tried doing this and for some reason the
although Paros works for IE, it does not work for the thick client
application.

The thick client seems to send the traffic directly.

Any other suggesstions?

----- Original Message -----
From: "haroon meer" <haroon@sensepost.com>
To: "Huan Chi" <ktriv3di@msn.com>
Cc: <websecurity@webappsec.org>; <pen-test@securityfocus.com>
Sent: Monday, August 27, 2007 11:30 PM
Subject: Re: [WEB SECURITY] HTTP Proxy for thick clients

> Hi Huan..
>
> Fortunately for you, a .Net application will make use of the proxy
> configured on the system when making SOAP calls by default (because i
> believe it is using an IE instance to handle the call).
>
> Simply set burp/paros as your proxy prior to starting up your
> thick-application and it should work exactly as you planned..
>
> (if the app bails because of an incorrect SSL key, you might have to
> decompile the binary to remove the cert check or may get away with
> installing a new cert (with just the correct CN into paros/burp) - but
> you can contact me off-list if this does happen)
>
> /mh
>
> * Huan Chi <ktriv3di@msn.com> [2007-08-27 19:32:26 -0700]:
>
>> List,
>>
>> I am testing a .NET thick client application using web services. I am
>> looking for an HTTP/TCP Proxy tool like PAROS / BURP which I can use to
>> see the change the traffic. The application does not have a way to set
>> proxy setting so I cannot use paros / burp and then do proxy chaining.
>> Also, everything on the tunnel is SSL, so ethereal is not much help
>>
>> Also, any good tools to edit XML / SOAP traffic
>>
>> Thanks for suggesstions in advance
>>
>>
>>
>>
>> ----------------------------------------------------------------------------
>> Join us on IRC: irc.freenode.net #webappsec
>>
>> Have a question? Search The Web Security Mailing List Archives:
>> http://www.webappsec.org/lists/websecurity/
>>
>> Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS
>> Feed]
>>
>>
>>
>> ** CRM114 Whitelisted by: Subject: [WEB SECURITY] **
>
> --
> Haroon Meer, SensePost Information Security |
> http://www.sensepost.com/blog/
> PGP: http://www.sensepost.com/pgp/haroon.txt | Tel: +27 83786 6637
>
>
>
> ** CRM114 Whitelisted by: From haroon@sensepost.com **
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:04 EDT