Thick Client Useful Links
- Damn Vulnerable Thick Client App - DVTA is a vulnerable thick client application developed in C# .NET.
- Vulnerable Java (EE) Application - DVJA is a vulnerable thick client application developed in Java.
Thick Client Penetration Testing Methodology - With Tools
- DVTA - Part 1 - Setup
- DVTA - Part 2 - Cert Pinning and Login Button
- DVTA - Part 3 - Network Recon
- DVTA - Part 4 - Traffic Tampering with dnSpy
- DVTA - Part 5 - Client-side Storage and DLL Hijacking
- Part 2 - Traffic Analysis Using DAMN Vulnerable Thick Client App
- Part 3 - Data Storage Issues with DAMN Vulnerable Thick Client App
- Part 4 - Injection Attacks Using DAMN Vulnerable Thick Client App
- Part 5 - Reversing & Decrypting Database Credentials using Damn Vulnerable Thick Client App
- Part 6 - Reversing & Patching .NET Applications using Damn Vulnerable Thick Client App
- Part 7 - DLL Hijacking using Damn Vulnerable Thick Client App
- Part 10 - Reversing & Patching .NET Applications with ILSpy & Reflexil
- Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners
- Thick Client Proxying - Part 2: Burp History, Intruder, Scanner and More
- Thick Client Proxying - Part 5: FileHippo App Manager or the Bloated Hippo
- Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File
- Thick Client Proxying - Part 8 - Notes on Proxying Windows Services
- Thick Client Proxying - Part 11 - GOG Galaxy and Extract-SNI
Interception proxies:
- Burp Suite
- Fiddler
- Echo Mirage
- Charles
- Mallory
- JavaSnoop
- TCPDump
- Wireshark
- Sysinternals Utilities - (Process Monitor, Regedit, Regshot, AccessEnum) GitHub
- CFF Explorer & For Other Tools
- Java Byte Code Editor
- JD GUI
- Ollydbg
- PE Explorer
- PEid
- UPX Decompression
- .Net Reflector
- IL Spy
- Winhex
- Volatility
- Tsearch (find and replace strings in memory)
- Userdump
- Metasploit - used for side loading/ DLL and Exe injection
- CFF Explorer - A tool that was designed to make PE editing as easy as possible without losing sight of the portable executable’s internal structure.
- PEid - A tool that detects most common packers, cryptors and compilers for PE files.
- Detect It Easy (DIE) - A program for determining file types for Windows, Linux and macOS.
- Strings - A tool that scans any files you pass it for UNICODE or ASCII strings of a default length of three or more UNICODE or ASCII characters.
- dnSpy - A .NET debugger and assembly editor.
- ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
- JetBrains DotPeek - Free .NET decompiler and assembly browser.
- de4dot - .NET deobfuscator and unpacker.
- NeonFuscatorDeobfuscator - .NET deobfuscator for Autori Obfuscator (NeonFuscator).
- Wireshark - Wireshark is the world’s foremost and most widely-used network protocol analyzer.
- TCPView - TCPView is a Windows program that shows detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections.
- SmartSniff - SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter and view the captured data as a sequence of conversations between clients and servers.
- tcpdump - tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
- Microsoft Network Monitor 3.4 - Microsoft Network Monitor 3.4 is a tool for network traffic capture and protocol analysis.
- Burp Suite - Burp Suite Professional is an advanced set of tools for testing web security.
- Fiddler - Fiddler is a free web debugging tool which logs all HTTP(S) traffic between your computer and the Internet.
- Echo Mirage - Echo Mirage is a versatile local proxy tool that can be used to intercept and modify TCP payloads for local Windows applications.
- Charles Web Debugging Proxy - Charles is an HTTP proxy that lets you view all of the HTTP and SSL / HTTPS traffic between the local machine and the Internet. This includes requests, responses and the HTTP headers.
- Process Monitor - An advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
- Regshot - An open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one – used after doing system changes or installing a new software product.
- Process Explorer - Provides the functionality of the Windows Task Manager along with a rich set of features for collecting information about processes running on the user’s system. It can be used as the first step in debugging software.
- Process Hacker - A free, powerful multi-purpose tool that helps you monitor system resources, debug software and detect malware.
- DLLSpy - A tool that detects DLL hijacking in running processes and services and in their binaries.
- Robber - An open-source tool for finding executables prone to DLL hijacking.
- Ghidra - A suite of free software reverse engineering tools developed by the NSA’s Research Directorate. It was originally exposed in WikiLeaks’s “Vault 7” publication and is now maintained as open-source software.
- Immunity Debugger - Immunity Debugger is a powerful new way to write exploits, analyze malware and reverse engineer binary files.
- Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux or macOS.
- IDA Free - IDA also has a free version.
- OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
- Radare2 - Open source, cross-platform reverse engineering framework.
- dnSpy - A tool to reverse engineer .NET assemblies.
- x64dbg - Open source x64/x32 debugger for Windows.
- JetBrains DotPeek - Free .NET decompiler and assembly browser.
- ILSpy - Open-source .NET assembly browser and decompiler.
- JD-GUI - A standalone Java decompiler GUI.
- Jadx - Dex to Java decompiler.
- Bytecode Viewer - A lightweight user-friendly Java bytecode viewer.
- Luyten - An open-source Java decompiler GUI for Procyon.
- PE Explorer - View, Edit and Reverse Engineer EXE and DLL Files.
- UPX Decompression - A free, portable, extendable, high-performance executable packer for several executable formats.
- Frida - A dynamic instrumentation toolkit for developers, reverse-engineers and security researchers.
- WinSpy++ - A tool whose purpose is to help you view and modify the properties of any window in your system with great ease.
- WinManipulate - A simple tool to manipulate window objects in Windows.
- Windows Enabler - A simple tool that lets you activate functions your thick client application has blocked.
- Winhex - A universal hexadecimal editor for inspecting and editing files, disks and memory.
- Volatility - An open-source memory forensics framework for analyzing memory dumps.
- Strings - Strings scans any file you pass it for UNICODE or ASCII strings with a default length of three or more UNICODE or ASCII characters.