Thick Client Penetration Testing Tutorials - Part 2 ( Traffic Interception)
After getting the basics of thick client pentest, let’s delve into the very first steps you can take to commence thick client pentest. Interception and setting up proxy of application. Thick clients can be broken down into two types based on proxy settings: 1 1) Proxy aware 2) Proxy unaware Proxy aware are those applications which has settings in the application itself to route through IP address and ports for the purpose of logging in the application as well as transmit and receive data. Whenever you log into the application, you will be given a prompt showing username/ password along with destination IP and port. In case where the application does not have such settings, and only accepts username and password for authentication, you have to redirect the traffic from the application to your system to the actual server. This is the case of proxy unaware thick clients. Let’s see how: The very first step involves in getting the hostname of the thick client applic