{"id":48,"date":"2008-07-11T14:32:00","date_gmt":"2008-07-11T19:32:00","guid":{"rendered":"http:\/\/www.rajatswarup.com\/blog\/?p=48"},"modified":"2010-02-10T23:40:31","modified_gmt":"2010-02-11T04:40:31","slug":"echo-mirage-and-uhooker","status":"publish","type":"post","link":"https:\/\/www.rajatswarup.com\/blog\/2008\/07\/11\/echo-mirage-and-uhooker\/","title":{"rendered":"Echo Mirage and UHooker"},"content":{"rendered":"<p>It can get interesting to test the security of thick client applications.  If you start debugging you could end up losing a lot of time with not too many results.  Of course, time is always at a premium when you pen testing in a week long gig.  There are a couple of tools that can really help you to gain insight into a thick client (i.e., an application written in a binary format such as an executable, ActiveX control, flash object, etc.) and communicating to a server using the client\/server model.  <br \/>The need for a proxy to hook into the communications is a prime need and <a href=\"http:\/\/www.bindshell.net\/tools\/echomirage\">EchoMirage<\/a> can do a great job of hooking into function calls related to win32 sockets, openssl functions.  You have to select an active process for Echomirage to inject into or you can even spawn a process from the menu options in EchoMirage itself.  It&#8217;s a great tool with a built-in editor so you can edit the traffic.  However, sometimes you have to be careful because it&#8217;s binary data that you are editing so while editing it is easy to mess up a few flags, etc.<br \/>Another great tool is actually a plugin for <a href=\"http:\/\/www.ollydbg.de\/\">OllyDbg<\/a> called <a href=\"http:\/\/oss.coresecurity.com\/projects\/uhooker.htm\">UHooker<\/a> that can let you specify which functions you want to place a hook into.  You have to configure a binary editor of your choosing and the functions to be hooked into in a .cfg file. The documentation for Uhooker is located <a href=\"http:\/\/oss.coresecurity.com\/uhooker\/doc\/index.html\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It can get interesting to test the security of thick client applications. If you start debugging you could end up losing a lot of time with not too many results. Of course, time is always at a premium when you pen testing in a week long gig. There are a couple of tools that can [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[198,197],"tags":[280,282,253,283,465,281],"class_list":["post-48","post","type-post","status-publish","format-standard","hentry","category-reversing","category-tools","tag-echomirage","tag-mitm","tag-ollydbg","tag-thickclient","tag-tools","tag-uhooker"],"_links":{"self":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/48","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/comments?post=48"}],"version-history":[{"count":1,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/48\/revisions"}],"predecessor-version":[{"id":123,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/48\/revisions\/123"}],"wp:attachment":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/media?parent=48"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/categories?post=48"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/tags?post=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}