Introduction
Thick client penetration testing tools are used when pentesting thick client applications, which involve both local and server-side processing and often communicate over proprietary protocols. The attack surface of a thick client application can be extremely large, which makes thick client testing a very exciting endeavor for pentesters. In contrast with web application and infrastructure pentests, thick client pentesting is more likely to be successful because the client is available locally, so critical vulnerabilities can be discovered.
Moreover, the process often requires specialized tools and a custom testing format. This blog aims to provide several tools to refer to when assessing the security of thick client applications, in order to achieve better pentest results.
We would like to present the following essential thick client penetration testing tools:
Echo Mirage uses DLL injection and function hooking techniques to intercept the traffic sent and received by the local application. The traffic can be intercepted in real time and manipulated in both directions.
Echo Mirage can be executed in two modes:
– Launching an executable file from Echo Mirage: the application is provided to the Echo Mirage penetration testing tool, and the tool launches the selected application.
– Injecting into a running process: the thick client application is selected from the list of running processes, and the tool injects into that process by hooking it.
Platform: Windows
Burp is an intercepting proxy server for assessing the security of web-based applications; its invisible proxying mode can be used to intercept the requests of thick client applications during penetration testing.
Using Burp this way is advantageous when testing a desktop or thick client component that runs outside the browser, a browser plugin that makes HTTP requests outside the browser's framework, or a client whose traffic cannot be redirected by changing the system proxy settings.
Platform: Windows, macOS, Linux, JAR.
Wireshark is the most common and widely used network protocol analyzer in the world. With Wireshark you can capture network packets and view them in detail, and analyze them in real time or offline once they have been captured. Wireshark lets you take a close look at your network traffic, filter it and drill down into it, so you can better understand the root cause of problems and ultimately help protect your network.
Platform: Windows, macOS.
PuTTY is a terminal emulator used on Windows and Linux. It is also an open-source SSH client used to connect to servers, and serves as a terminal for Windows-based operating systems. It supports several protocols, including SSH, SCP and others. The software was originally written for Microsoft Windows.
Platform: Windows.
This software is used to break the passwords of different applications. It was designed to test the strength of passwords, brute-force encryption, and try to crack passwords via different attacks. It is part of the Rapid7 penetration testing family. Its primary purpose is to detect weak Unix passwords.
Platform: Windows, macOS, Linux.
This is a widely used vulnerability management tool that provides information about security vulnerabilities during penetration testing, including deep information about critical ones. It is owned by Rapid7, a cyber security firm. A notable subproject is the open-source Metasploit framework.
Platform: Windows, Linux.
You can capture data that travels through your network adapter using SmartSniff and view it as a sequence of client-server conversations.
Platform: Windows.
Nmap:
Nmap is a network scanning and port detection tool that is highly useful during multiple steps of a penetration test. It is a powerful utility used as a vulnerability identifier or scanner. It is generally used as a network mapper, and it is a veritable tool shed of network scanning functionality.
Platform: Windows, macOS, Linux.
Frida is a dynamic instrumentation framework for developers, reverse engineers, and security researchers. It allows you to intercept the data received and sent by applications and inject your own code.
Platform: Windows, macOS, Linux, Android, iOS.
p0f: p0f is a passive TCP/IP stack fingerprinting tool. It attempts to identify the operating system of a machine by passively inspecting the network traffic that machine generates, without sending any probes of its own, and can also assist in analyzing other assets such as remote systems.
Platform: Linux
Different thick client penetration testing tools are used for different types of testing. So, apart from the essential tools, let's have a look at a few more thick client penetration testing tools for specific tasks:
Identifying application architecture, languages and framework used
CFF Explorer is a program designed to make PE editing as simple as possible while keeping the internal structure of the portable executable in mind.
Platform: Windows
Detect It Easy (DIE) determines file types on Linux, macOS, and Windows.
Platform: Windows, macOS, Linux.
Strings is a program that scans whatever files you provide for Unicode or ASCII sequences of three or more characters.
Platform: Windows
Intercepting Network Communication Between the Client and the Server
tcpdump is a commonly used command-line packet analyzer. With it, users can intercept and display TCP/IP and other packets sent or received over a network.
Platform: Windows, macOS, Linux, Android, API.
Microsoft Network Monitor 3.4 is used for network traffic capture and protocol analysis.
Platform: Windows
Additional thick client penetration testing tools: proxies
Fiddler is a free web debugging proxy that records all HTTP(S) communication between your machine and the Internet.
Platform: Windows, macOS, Linux.
Charles Web Debugging Proxy is an HTTP proxy that lets you see all HTTP and SSL/HTTPS communication between your system and the Internet, including HTTP requests, responses, and headers.
Platform: Windows, macOS, Linux.
File analysis tools for client-side validation
Process Monitor is a powerful Windows monitoring program that displays real-time file system, Registry, and process/thread activity.
Platform: Windows
Regshot is an open-source (LGPL) registry compare utility that lets you quickly take a snapshot of your registry and compare it with another, which is useful after performing system modifications or installing a new software package.
Platform: Windows
Process Explorer provides the functionality of the Windows Task Manager as well as a comprehensive range of capabilities for gathering information about processes operating on the user’s PC. It may be used as the initial step in program debugging.
Platform: Windows
Tools for testing for DLL hijacking vulnerabilities
DLLSpy is a tool for detecting DLL hijacking in running processes, services, and binaries.
Platform: Windows
Robber is an open-source tool for locating executables that are vulnerable to DLL hijacking.
Platform: Windows, API, Linux.
Conclusion
Even when the thick client application developer follows best practices and deploys the server correctly, there may be weaknesses that attackers will try to exploit, and pentesters need to identify them before the attackers do in order to secure the applications.
We have tried to provide a complete set of thick client penetration testing tools through this blog. The tools list above is not exhaustive and can change according to the requirement and use case.
For dedicated professional assistance with your thick client penetration test, you can now avail of ASPIA's services; ASPIA is among India's emerging cybersecurity consulting firms. ASPIA's dedicated team of security experts will ensure the overall security of your applications and provide you with a risk- and threat-free work environment that enhances your work experience and your credibility.
Reach us at contact@aspiainfotech.com or contact us.