Re: [WEB SECURITY] HTTP Proxy for thick clients



Hi..

Make sure that you restart the application after changing your proxy
settings.. 

If this (or the other suggestions) don't work, check out the
outstandingly useful echomirage from bindshell.net

/mh

* Huan Chi <ktriv3di@xxxxxxx> [2007-08-28 11:38:06 -0700]:

> Thanks guys for the suggestion. I tried doing this and for some reason, 
> although Paros works for IE, it does not work for the thick client 
> application.
>
> The thick client seems to send the traffic directly.
>
> Any other suggestions?
>
>
> ----- Original Message -----
> From: "haroon meer" <haroon@xxxxxxxxxxxxx>
> To: "Huan Chi" <ktriv3di@xxxxxxx>
> Cc: <websecurity@xxxxxxxxxxxxx>; <pen-test@xxxxxxxxxxxxxxxxx>
> Sent: Monday, August 27, 2007 11:30 PM
> Subject: Re: [WEB SECURITY] HTTP Proxy for thick clients
>
>
>> Hi Huan..
>>
>> Fortunately for you, a .Net application will make use of the proxy
>> configured on the system when making SOAP calls by default (because I
>> believe it is using an IE instance to handle the call).
>>
>> Simply set burp/paros as your proxy prior to starting up your
>> thick-application and it should work exactly as you planned..
>>
>> (if the app bails because of an incorrect SSL key, you might have to
>> decompile the binary to remove the cert check or may get away with
>> installing a new cert (with just the correct CN into paros/burp) - but
>> you can contact me off-list if this does happen)
>>
>> /mh
>>
>> * Huan Chi <ktriv3di@xxxxxxx> [2007-08-27 19:32:26 -0700]:
>>
>>> List,
>>>
>>> I am testing a .NET thick client application using web services. I am 
>>> looking for an HTTP/TCP Proxy tool like PAROS / BURP which I can use to 
>>> see and change the traffic. The application does not have a way to set 
>>> proxy setting so I cannot use paros / burp and then do proxy chaining. 
>>> Also, everything on the tunnel is SSL, so ethereal is not much help.
>>>
>>> Also, any good tools to edit XML / SOAP traffic?
>>>
>>> Thanks for suggestions in advance
>>>
>>>
>>>
>>>
>>> ----------------------------------------------------------------------------
>>> Join us on IRC: irc.freenode.net #webappsec
>>>
>>> Have a question? Search The Web Security Mailing List Archives: 
>>> http://www.webappsec.org/lists/websecurity/
>>>
>>> Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>>
>> -- 
>> Haroon Meer, SensePost Information Security  | 
>> http://www.sensepost.com/blog/
>> PGP: http://www.sensepost.com/pgp/haroon.txt |  Tel: +27 83786 6637
>>

-- 
Haroon Meer, SensePost Information Security  |  http://www.sensepost.com/blog/
PGP: http://www.sensepost.com/pgp/haroon.txt |  Tel: +27 83786 6637
