[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] HTTP Proxy for thick clients
- From: "Mark Andrews" <gdroids@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] HTTP Proxy for thick clients
- Date: Tue, 28 Aug 2007 12:31:38 -0700
Just a shot, but is there a way to use netcat and openssl to achieve
what you're looking for?
-ma
On 8/28/07, Huan Chi <ktriv3di@xxxxxxx> wrote:
> Thanks guys for the suggesstion. I tried doing this and for some reason the
> although Paros works for IE, it does not work for the thick client
> application.
>
> The thick client seems to send the traffic directly.
>
> Any other suggesstions?
>
>
> ----- Original Message -----
> From: "haroon meer" <haroon@xxxxxxxxxxxxx>
> To: "Huan Chi" <ktriv3di@xxxxxxx>
> Cc: <websecurity@xxxxxxxxxxxxx>; <pen-test@xxxxxxxxxxxxxxxxx>
> Sent: Monday, August 27, 2007 11:30 PM
> Subject: Re: [WEB SECURITY] HTTP Proxy for thick clients
>
>
> > Hi Huan..
> >
> > Fortunately for you, a .Net application will make use of the proxy
> > configured on the system when making SOAP calls by default (because i
> > believe it is using an IE instance to handle the call).
> >
> > Simply set burp/paros as your proxy prior to starting up your
> > thick-application and it should work exactly as you planned..
> >
> > (if the app bails because of an incorrect SSL key, you might have to
> > decompile the binary to remove the cert check or may get away with
> > installing a new cert (with just the correct CN into paros/burp) - but
> > you can contact me off-list if this does happen)
> >
> > /mh
> >
> > * Huan Chi <ktriv3di@xxxxxxx> [2007-08-27 19:32:26 -0700]:
> >
> >> List,
> >>
> >> I am testing a .NET thick client application using web services. I am
> >> looking for an HTTP/TCP Proxy tool like PAROS / BURP which I can use to
> >> see the change the traffic. The application does not have a way to set
> >> proxy setting so I cannot use paros / burp and then do proxy chaining.
> >> Also, everything on the tunnel is SSL, so ethereal is not much help
> >>
> >> Also, any good tools to edit XML / SOAP traffic
> >>
> >> Thanks for suggesstions in advance
> >>
> >>
> >>
> >>
> >> ----------------------------------------------------------------------------
> >> Join us on IRC: irc.freenode.net #webappsec
> >>
> >> Have a question? Search The Web Security Mailing List Archives:
> >> http://www.webappsec.org/lists/websecurity/
> >>
> >> Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS
> >> Feed]
> >>
> >>
> >>
> >> ** CRM114 Whitelisted by: Subject: [WEB SECURITY] **
> >
> > --
> > Haroon Meer, SensePost Information Security |
> > http://www.sensepost.com/blog/
> > PGP: http://www.sensepost.com/pgp/haroon.txt | Tel: +27 83786 6637
> >
> >
> >
> > ** CRM114 Whitelisted by: From haroon@xxxxxxxxxxxxx **
> >
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org
Search this site
|