Thick-client applications (2/3) – Security Testing Handbook for Banking Applications

3: The Tools of the Trade
The tool lists all active TCP endpoints together with the processes that own them. It can resolve remote addresses and shows the current state of each TCP connection. The captured data can also be saved for offline analysis.
Figure 29: TCPView
Wireshark is a packet capture and protocol analyser. It can be run in promiscuous mode to capture the traffic leaving the machine; applying the proper filters then narrows the capture down to the packets belonging to the application under test. The protocol analyser gives more insight into the protocols in use, and when the application runs over TCP the ‘Follow TCP Stream’ option is a great help in analysis.
Figure 30: Wireshark
Filemon is used to monitor the changes a thick-client application makes to local files. Almost all thick clients write something to local files, so it is very important for a security tester to check whether any sensitive data (look especially for passwords, logs or any other information that should not be disclosed) is written to local files by the application. By default Filemon monitors all running processes; with the proper filters it can be restricted to the activity of a particular process. The tool lists each request (Read/Write/Open/Close/Query Information) and the path accessed, along with the result and other information.
Figure 31: Filemon
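The Filemon check above, as an added example that is not part of the handbook: the script parses constructed Filemon-style lines (sequence number, time, process, request, path, result; the process name `bankclient.exe` and the paths are made up), keeps only the successful WRITE requests of the process under test, and flags lines in a written file that look like credentials.

```python
import re

# Constructed sample in the column layout Filemon shows (seq, time, process,
# request, path, result). Made up for this example; not output from any real app.
SAMPLE_LOG = """\
1\t10:02:11\tbankclient.exe:1448\tOPEN\tC:\\Users\\tester\\AppData\\Local\\BankClient\\session.log\tSUCCESS
2\t10:02:11\tbankclient.exe:1448\tWRITE\tC:\\Users\\tester\\AppData\\Local\\BankClient\\session.log\tSUCCESS
3\t10:02:12\texplorer.exe:912\tQUERY INFORMATION\tC:\\Windows\\explorer.exe\tSUCCESS
4\t10:02:13\tbankclient.exe:1448\tREAD\tC:\\Program Files\\BankClient\\config.ini\tSUCCESS
5\t10:02:14\tbankclient.exe:1448\tWRITE\tC:\\Users\\tester\\AppData\\Local\\Temp\\bc_cache.tmp\tSUCCESS
6\t10:02:15\tbankclient.exe:1448\tCLOSE\tC:\\Users\\tester\\AppData\\Local\\BankClient\\session.log\tSUCCESS
"""


def parse_filemon(text):
    """Split each tab-separated line into a dict of the fields we care about."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _seq, time, proc, request, path, result = line.split("\t")
        rows.append({"time": time, "process": proc.split(":")[0].lower(),
                     "request": request, "path": path, "result": result})
    return rows


def written_paths(rows, process):
    """Paths the given process successfully wrote to, in first-seen order.
    This is the filter a tester would otherwise apply by hand in the Filemon GUI."""
    seen = []
    for r in rows:
        if (r["process"] == process.lower() and r["request"] == "WRITE"
                and r["result"] == "SUCCESS" and r["path"] not in seen):
            seen.append(r["path"])
    return seen


# Key/value lines that typically carry secrets; extend for the application under test.
SENSITIVE = re.compile(r"(passw(or)?d|pin|account|secret|token)\s*[:=]", re.I)


def sensitive_lines(content):
    """Lines of a written file that look like credentials or other secrets.
    Takes the file content as text; read each path from written_paths() and pass it in."""
    return [ln for ln in content.splitlines() if SENSITIVE.search(ln)]
```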
Regmon is similar to Filemon. Just as Filemon monitors local files for changes, Regmon monitors the local registry for changes. Follow the same approach for testing.
Figure 32: Regmon
IDA Pro is a disassembler used to reverse engineer binaries into assembly code, and sometimes into C-like source code. Reverse engineering is used for several types of attacks – cracking licences, analysing algorithms, stealing hard-coded secrets, etc.
Figure 33: IDA Pro