Re: [WEB SECURITY] HTTP Proxy for thick clients

[haroon meer <haroon () sensepost com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi..

Make sure that you restart the application after changing your proxy
settings.. 

If this (or the other suggestions) dont work, check out the
outstandingly useful echomirage from bindshell.net

/mh

* Huan Chi <ktriv3di () msn com> [2007-08-28 11:38:06 -0700]:

> Thanks guys for the suggesstion. I tried doing this and for some reason the 
> although Paros works for IE, it does not work for the thick client 
> application.
>
> The thick client seems to send the traffic directly.
>
> Any other suggesstions?
>
>
> ----- Original Message ----- From: "haroon meer" <haroon () sensepost com>
> To: "Huan Chi" <ktriv3di () msn com>
> Cc: <websecurity () webappsec org>; <pen-test () securityfocus com>
> Sent: Monday, August 27, 2007 11:30 PM
> Subject: Re: [WEB SECURITY] HTTP Proxy for thick clients
>
>
> > Hi Huan..
> >
> > Fortunately for you, a .Net application will make use of the proxy
> > configured on the system when making SOAP calls by default (because i
> > believe it is using an IE instance to handle the call).
> >
> > Simply set burp/paros as your proxy prior to starting up your
> > thick-application and it should work exactly as you planned..
> >
> > (if the app bails because of an incorrect SSL key, you might have to
> > decompile the binary to remove the cert check or may get away with
> > installing a new cert (with just the correct CN into paros/burp) - but
> > you can contact me off-list if this does happen)
> >
> > /mh
> >
> > * Huan Chi <ktriv3di () msn com> [2007-08-27 19:32:26 -0700]:
> >
> > > List,
> > >
> > > I am testing a .NET thick client application using web services. I am 
> > > looking for an HTTP/TCP Proxy tool like PAROS / BURP which I can use to 
> > > see the change the traffic. The application does not have a way to set 
> > > proxy setting so I cannot use paros / burp and then do proxy chaining. 
> > > Also, everything on the tunnel is SSL, so ethereal is not much help
> > >
> > > Also, any good tools to edit XML / SOAP traffic
> > >
> > > Thanks for suggesstions in advance
> > >
> > >
> > >
> > >
> > > ----------------------------------------------------------------------------
> > > Join us on IRC: irc.freenode.net #webappsec
> > >
> > > Have a question? Search The Web Security Mailing List Archives: 
> > > http://www.webappsec.org/lists/websecurity/
> > >
> > > Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> > >
> > >
> > >
> > > ** CRM114 Whitelisted by: Subject: [WEB SECURITY] **
> >
> > -- 
> > Haroon Meer, SensePost Information Security  | 
> > http://www.sensepost.com/blog/
> > PGP: http://www.sensepost.com/pgp/haroon.txt |  Tel: +27 83786 6637
> >
> >
> >
> > ** CRM114 Whitelisted by: From haroon () sensepost com **
>
>
>
> ** CRM114 Whitelisted by: From: "haroon meer" <haroon () sensepost com **

- -- 
Haroon Meer, SensePost Information Security  |  http://www.sensepost.com/blog/
PGP: http://www.sensepost.com/pgp/haroon.txt |  Tel: +27 83786 6637

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFG1HCZjc6KZkVo+wYRAlz4AJ9qRZPB0ZZ3Z8ie/DeK/nk/XwHT+QCeI6il
LBTcEpsH/vFZvuOpFKtveJA=
=zzaq
-----END PGP SIGNATURE-----



 ** CRM114 Whitelisted by: From haroon () sensepost com **

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------