Traffic Analysis Using DAMN Vulnerable Thick Client App

by SecVulture
Oct. 7, 2017 0 comments INFOSEC Institute Encryption & Authentication

In the first part of this series, we have seen an introduction to Thick Client Applications, set up Damn Vulnerable Thick Client Application and finally performed some information gathering on the target application in question. We will slowly move towards various techniques to attack the application and its infrastructure starting from this article. Let us discuss the traffic analysis techniques in this article. Traffic Analysis: Any application communicating with the backend would send some data to its backend components (web server, FTP Server, database server, etc.) Analyzing the data during transfer is crucial during the analysis of an application. Many apps perform data transit without enforcing any encryption. Though the concept of intercepting traffic of thick clients is not different than thin clients, the tools will differ depending on the protocols used by the application. Since these applications are non-proxy aware, the intercepting techniques also will slightly vary.