From: haroon meer (haroon@sensepost.com)
Date: Tue Aug 28 2007 - 14:59:38 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi..
Make sure that you restart the application after changing your proxy
settings..
If this (or the other suggestions) dont work, check out the
outstandingly useful echomirage from bindshell.net
/mh
* Huan Chi <ktriv3di@msn.com> [2007-08-28 11:38:06 -0700]:
> Thanks guys for the suggesstion. I tried doing this and for some reason the
> although Paros works for IE, it does not work for the thick client
> application.
>
> The thick client seems to send the traffic directly.
>
> Any other suggesstions?
>
>
> ----- Original Message ----- From: "haroon meer" <haroon@sensepost.com>
> To: "Huan Chi" <ktriv3di@msn.com>
> Cc: <websecurity@webappsec.org>; <pen-test@securityfocus.com>
> Sent: Monday, August 27, 2007 11:30 PM
> Subject: Re: [WEB SECURITY] HTTP Proxy for thick clients
>
>
>> Hi Huan..
>>
>> Fortunately for you, a .Net application will make use of the proxy
>> configured on the system when making SOAP calls by default (because i
>> believe it is using an IE instance to handle the call).
>>
>> Simply set burp/paros as your proxy prior to starting up your
>> thick-application and it should work exactly as you planned..
>>
>> (if the app bails because of an incorrect SSL key, you might have to
>> decompile the binary to remove the cert check or may get away with
>> installing a new cert (with just the correct CN into paros/burp) - but
>> you can contact me off-list if this does happen)
>>
>> /mh
>>
>> * Huan Chi <ktriv3di@msn.com> [2007-08-27 19:32:26 -0700]:
>>
>>> List,
>>>
>>> I am testing a .NET thick client application using web services. I am
>>> looking for an HTTP/TCP Proxy tool like PAROS / BURP which I can use to
>>> see the change the traffic. The application does not have a way to set
>>> proxy setting so I cannot use paros / burp and then do proxy chaining.
>>> Also, everything on the tunnel is SSL, so ethereal is not much help
>>>
>>> Also, any good tools to edit XML / SOAP traffic
>>>
>>> Thanks for suggesstions in advance
>>>
>>>
>>>
>>>
>>> ----------------------------------------------------------------------------
>>> Join us on IRC: irc.freenode.net #webappsec
>>>
>>> Have a question? Search The Web Security Mailing List Archives:
>>> http://www.webappsec.org/lists/websecurity/
>>>
>>> Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>>>
>>>
>>>
>>> ** CRM114 Whitelisted by: Subject: [WEB SECURITY] **
>>
>> --
>> Haroon Meer, SensePost Information Security |
>> http://www.sensepost.com/blog/
>> PGP: http://www.sensepost.com/pgp/haroon.txt | Tel: +27 83786 6637
>>
>>
>>
>> ** CRM114 Whitelisted by: From haroon@sensepost.com **
>
>
>
> ** CRM114 Whitelisted by: From: "haroon meer" <haroon@sensepost.com **
- --
Haroon Meer, SensePost Information Security | http://www.sensepost.com/blog/
PGP: http://www.sensepost.com/pgp/haroon.txt | Tel: +27 83786 6637
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFG1HCZjc6KZkVo+wYRAlz4AJ9qRZPB0ZZ3Z8ie/DeK/nk/XwHT+QCeI6il
LBTcEpsH/vFZvuOpFKtveJA=
=zzaq
-----END PGP SIGNATURE-----
** CRM114 Whitelisted by: From haroon@sensepost.com **
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:04 EDT