Best Telegram Programming Groups For Coders &Developers   It Wasn’t Me - Secure Your Account   Mr.Robot All Seasons 1,2,3 Full | Free Torrent Download   Mr.Robot All Seasons 1,2,3,4 Full | Watch Online [FREE]   5 Tips Will Keep You Safe During Christmas Holiday’s Online Shopping   You Can Get All Adobe Apps For $30 a Month Right Now   How To Wipe An iPhone Clean (ERASE) Before Selling?   Programming Languages To Learn To Be An Expert Hacker!   Cybercriminals exchange tips on underground forums about avoiding arrests   A comprehensive look into emerging Signal encrypted messaging application   A Detailed Comparison of WhatsApp, Telegram & Signal   How Telegram End-to-end Encryption Works To Provide Security ?   Flubot Malware is Spreading Quickly Through Android Devices   WhatsApp End-to-End Encryption and its Privacy Importance - Alternatives,Signal & Telegram   What is Credit Card Skimming And How To Protect Yourself From it ?   Where to hire react programmer and 3 essential skills to look for   Top 8 Basic Google Search Dorks [Live Examples]   [Penetration Testing] Top 70 Most Interview Questions   Why VPN Is Necessary ? [Detailed Guide]   Top 10 Dangerous Viruses Of All Times   List Of Common HTTP Error Status Codes   “Hello World!” Program In Different Programming Languages   100 Basic Computer Related G.K. Questions   Email Security - Tips And Tricks   Fonts Hub Collection (Free Design Resources)   Top 8 Softwares Free Download - No Credit Card Needed [2022 Update]   Shortcomings That Leads An Entrepreneur Towards Failure   5 Basic Steps To Protect Your Personal Data Online   What is Intel SGX and What are the Benefits ?   15 Things You Need to Know About Maintaining The Logs   How to think like a programmer - lessons in problem solving   How To Get Voice Like Anonymous Voice   Life Story of Microsoft Founder Bill Gates - Documentary   Own Private Search Engine in Linux Will Save Our Privacy   Best Etcher alternatives to Create Bootable USB   Music For Programming - Coding Music / Hacking Music   School Management Software v3.1 Premium + Crack   JavaFX Chat Client/Server + Source Code   Top 25 Keyword Research Tools [Search Engine Optimization]   A Quick SEO Checklist - 2023 Update   Online Domain Authority (DA) Rank Checker Websites   33 Things In SEO For Which Google Will Give Your Student Blog High Positions   How to Close the Site from indexing using robots.txt   10 SEO Tools all Small Businesses Need in 2023   Earth Rise Application + Code   Animation along a path + Code   Zen Pong Game in Java Language + Code   Simple Flying Bird Game + Code Files   Game Snake Simple + Code Files   The Space 'Sun & Earth' | HTML,CSS,JavaScript   File System in Web (Explorer in Windows and Finder in OSX)   Admin Dashboard Template built using Bootstrap + Code   Website Template For Admin Dashboard + Code   Youtube Playlist Downloader Script   How To Create A Stopwatch In Python   Python TicTacToe with Tk and minimax AI   Deskreen turns any device with a web browser into a secondary screen for your computer   Download Algorithms Book | Dummies Store   OSI Model And TCP/IP Model   How to Fix SSH Failed Permission Denied (publickey,gssapi-keyex,gssapi-with-mic)   What Is Load Balancing? Definition and How It Works   How to Setup FTP Server on Your Raspberry Pi   Download Windows 10 Lite Edition x64 | Direct Link   How To Recover Permanently Deleted Files In Windows 10 ?   How to make Fake Error Message Script in Windows   20 Essential Windows keyboard Shortcuts that will make you forget your mouse   How To Fix The DLL Missing Error In Windows 7 ?   Create Hotspot on Windows 10 in 6 steps   Download Microsoft Office Professional Plus 2016   Download DriverPack Solution Offline | Full   How To Create Simple And Password Protected ZIP File in Linux   2 Ways To Save Terminal Output of a Command in Linux   6 Best Tools to Monitor Disk IO Performance in Linux   Top 15 Best Websites (Blogs) to Learn Linux Online   How to Delete files older than 30 Days in Linux   What is the difference between apt and apt-get command   Fail2Ban Installation & Setup: Ubuntu, CentOS, Fedora & Debian   How to List Running Processes in Linux   How to Use the who Command in Linux with Examples   FOREMOST - Recover Permanently Deleted Files Easily in Kali Linux   Funny Linux Commands to Try   Command line interface guidelines, to help you write better command-line programs ...   How to Install Google Chrome Web Browser on Ubuntu 20.04   Learn Adobe Photoshop | 33 Episode Course   Window Privilege Escalation: Automated Script   Linux Privilege Escalation: Automated Script   How To Retrieve & Decrypt Stored Passwords in Firefox & Chrome Remotely   ACLight: An Advanced Privileged Account Discovery Tool   How to change Lock Screen Background on Kali Linux XFCE   Best 20 Kali Linux Tools For Hacking And Penetration Testing   How to Run Windows Application and Games on Kali Linux   How to run C and C++ programs in Kali Linux   Control Kali Linux PC From any Mobile or Tablet   How to Enable root User Account in Kali Linux   How to Configure Static IP address in Kali Linux   Bash vs ZSH in Kali Linux   [Solved] E: Unable to locate package in Kali Linux   Hosting a Local Website with Domain Name on Kali Linux over WiFi   Install Docker in Kali Linux and Run Other OS   How to Install Kali Linux | A Total Guide to Install Kali Linux   NetHunter Rootless - Official Kali NetHunter for non rooted phones   How to set up own VPN server in 10 minutes on Kali Linux using OpenVPN   Configuring The ProxyChains   Install Python3 in Kali Linux   TempoMail - Command Line Temporary Email in Linux   NIPE - Fully Anonymize Total Kali Linux System   How to Install Google Chrome & Chromium on Kali Linux [Official Method]   15 Best Laptops For Kali Linux & Cyber Security - Check This Before Buy   Volatolity - Digial Forensic Testing of RAM on Kali Linux   Limit the Internet Speed of LAN Users [Evil Limiter]   Find Virtual Machine IP Through Kali Linux - 3 Methods   Privilege Escalation with PowerShell Empire and SETOOLKIT [Kali Linux]   How to use kill, pkill and killall Commands to Kill any Linux Process   20 Useful Tar Commands For Extraction and Compression   Create a Fake AP with DNSMASQ and HOSTAPD [Kali Linux]   How to Fully Anonymize Your Linux System with Tor using Nipe   Hack Windows/Linux using ARCANUS Framework – 100% FUD   Simple and Target Mac Flooding - Kali Linux   Get Free Kali Linux on AWS with Public IP - Real Time Penetration Testing   What’s the difference Between Tails and Tor browser?   Does Tor Hide you From Your ISP? Should I surf internet using Tor ?   Wireshark for Pentester: Decrypting RDP Traffic   Exploit Wi-Fi Vulnerabilities with Routersploit on Termux and Linux   Man in The Middle Attack & How To Prevent it   Masscan - 1000 Times Faster Than NMAP   Wireshark - Shark in Wires | Network Protocol Analyzer in Kali Linux   Wifite - Easy Automated Wireless Attack   WiFi-Pumpkin 3 - Dangerous Access Point   Evil Twin Attack with DNSMASQ - Wireless WPA2-PSK Cracking   Sniffing with Rogue Access Point [DNSMASQ and TCPFLOW]   Hack Wi-Fi Settings of Windows Machine Remotely [After Meterpreter]   Wi-Fi deauthentication attack against 802.11 protocol   Bypass Hidden SSID in a Wireless Network [Full Proof Method]   Crack WPA/WPA2-PSK using Aircrack-ng and Hashcat   Crack WPA2-PSK Wi-Fi with automated python script - FLUXION PART 1   Set Default Version of Python : [SOLVED] update-alternatives: error: no alternatives for p   Python Scripting: Information Gathering and Automating Ethical Hacking   15 Essential Meterpreter Commands Everyone Should Know   Find Vulnerable Webcams with Shodan [Metasploit Framework]   TCP & SYN Scanning with Metasploit Framework without NMAP   Meterpreter Useful Top 60 Commands List   The Web Application Hacker's Handbook 2   Hacking GPS Book   MadCam - Termux Hack Front camera by Sending link   How to Download Files In Termux   IPdrone Termux - Find Location of Person it IP in Termux   ReconDog Termux - Best Reconnaissance Tool For Termux   Termux SSH: Use Termux in Windows Using SSH Server   How to Install and Use Fsociety-Tool In Termux   Termux-YTD : Download Youtube Videos with Termux   Use CMatrix Package Like a Pro   L3MON - Access Android Devices Remotely   Hack Android using Metasploit over LAN/WAN   Ghost Framework - Control Android Devices Remotely   Top 10 Vulnerable Android Applications [Penetration Testing]   Find Hidden Subdomains on Any Website with Subfinder   Blind Sql Injection with Regular Expressions Attack   Useful Google Dorks For Bug Bounty Hunters   HTML5 Security CheatSheet - What your browser does when you look away...   30,000 Sites Is In RISK, The Plus Addons For Elementor WordPress Plugin Hacked   WPScan - Find Vulnerabilities in WordPress Websites on Kali Linux   Wapiti - Automated Vulnerability Scanner   Generate 100% FUD Backdoor with TheFatRat - Windows 10 Exploitation   TheFatRat hacking tool to create undetectable backdoors   How to Make a Keylogger in Python + Code   How to create a keylogger in PowerShell ?   Backdoor Program using Python (Remote Access Explain)   Man in the Middle Attack with Websploit Framework   Hack Windows 10 Remotely over WAN with Metasploit [No Port Forwarding]   15 Powerful Gadgets For Ethical Hackers | Hardware Tools for Hackers   Find Vulnerabilities using NMAP Scripts (NSE)   Free Vulnerability Database And Resources   Firefox Browser Vulnerable to (MITM) Man-in-the-Middle Attack   Find Vulnerabilities in Military Networks By Participating Hack The Army Bug Bounty Progr. 

x32x01

ADMINISTRATOR
Traffic analysis is one of the crucial parts of any successful penetration test. In this article, we’re going to discuss some of the different techniques that can be used to analyze thick client applications. If a thick client using HTTP traffic then it is pretty straight forward to intercept the traffic. We can use tools like

To Intercept the HTTP like Traffic:
  • Burp Suite
To Intercept TCP like Traffic:
  • Wireshark
  • MITM Relay + Burp Suite
  • Echo Mirage (Properly Maintained)
As we’re pen-testing Damn Vulnerable thick client applications and DVTA is using non-HTTP protocols for example., FTP. It doesn’t make any HTTP connections so we can’t use Burp Suite directly. So, we have another option to monitor the traffic by using a tool like Wireshark but it doesn’t allow you to tamper with the traffic you can only monitor and understand the traffic. But if our goal is to intercept and modify the traffic, we will have to go with a tool called Echo Mirage.

So, without wasting much time let’s begin the Traffic Analysis.

Table of Content
  • Prerequisites
  • What is Traffic Analysis
  • Traffic Analysis Via Wireshark
  • Traffic Analysis Via Echo Mirage
  • Traffic Analysis Via Burp Suite + MITM Relay
Traffic Analysis
Any Thick client application communicating with the backend means they are sending some data to its backend components like web server, FTP Server, database server, etc. Analyzing the data during transfer is a very crucial part of the analysis of an application. some applications perform data transit without enforcing any encryption. So, the concept of intercepting traffic of thick clients is not much different than thin clients, the tools will differ depending on the protocols used by the application also these applications are non-proxy aware as well the intercepting techniques also will slightly vary.

Prerequisites
  • Wireshark
  • Python 3
  • Burp Suite
  • Echo Mirage
  • Python pip script
  • MITM Relay
Traffic Analysis via Wireshark
As a penetration tester, you must have good knowledge of how to use a network packet sniffer is essential for day-to-day operations. Whether you are trying to understand a protocol, debug a network client or analyze traffic, you’ll always end up needing a network sniffer.

Examining the traffic between the tested thick client application and the server might reveal sensitive and unencrypted data such as:
  • Most Sensitive data transferred over an unencrypted tunnel such as clear-text credentials/secrets/API Keys etc.
  • HTTP and HTTPS web endpoints
  • File blobs/chunks sent over the wire
  • Proprietary protocols used by the program
We are going to analyze FTP traffic that’s generated by DVTA. For this, we are going to use the LoopBack address. So, first of all, Launch Wireshark and choose “Adapter for loopback Traffic Capture”.

1.png

Then after launch modified DVTA application and login to the application by using admin credentials as shown below.

2.png

As you can see, we have successfully logged in and it showing Backup data to FTP server

3.png

When you click backup data to FTP server it will make an FTP connection with the FTP server and it will try to upload some data to FTP server. After uploading the data, it will show you a Success message as shown below.

4.png

Just after Backup data to the FTP server come back to Wireshark and stop capturing the data so that it won’t capture unnecessary data as shown in the below image. Apply the filter of FTP protocol so that only shows the traffic captured of DVTA application while uploading data to the FTP server.

5.png

Now what we are interested in is the credentials that might be used by the DVTA application to login to the FTP server. We can check them by observing the captured FTP traffics. If you notice the first packet is the response from the FileZilla server and then we have a command “USER and the USER name: DVTA”. Then after in the third line, there is a response from the FTP server saying the password is Required for DVTA and in the next line, there is a “Password: p@ssw0rd” that was sent by the client.

6.png

Now it’s pretty clear that the user name and password are available for us. So, let’s quickly open a browser and surf to ftp://127.0.0.1 and try to use the credentials here that we have captured as shown below.

7.png

And here you go…, as you can see, we have successfully connected to the FTP server and we can download everything that is available in that folder as shown below. This is how an attacker grab credentials that are being used by the application in the client site. They can probably do some Wireshark capture and if the credentials are found in clear text, they can easily login to the FTP server and can tamper or download the data easily.

8.png

Traffic Analysis via Echo mirage
Download and Extract Echo Mirage into your desirable folder. You can download Echo Mirage from here:
Let’s open up the EchoMirage application.

9.png

and it will open EchoMirage for us

10.png

But also remember one thing don’t forget to delete the FTP CSV file that you have uploaded earlier by using DVTA application so that we can upload a new copy again. Now again open the DVTA application and login into the Application by using admin credentials.

11.png

So, we have successfully logged into DVTA application and when we click on “Backup data to FTP server” then we want to be able to see what’s going on using EchoMirage. To do this create a new Rule by going to “Rule > New Rules” choose the direction to “Any” as we want to capture traffic only from the port of 21 so “set the Port to Port no. 21” then after click on “intercept” and then save the configuration by hitting “ok” as shown below

12.png

Now here we can see the Rules created by us, as we can see we are going to intercept all the traffic that’s going to outbound and inbound also we are going to intercept the traffic of port 21 only.

13.png

Now, navigate to Process and click on inject

14.png

and we are going to see all the process that is running on your machine. But we are interested to see the traffic only from DVTA.exe so select it and inject it into a process

15.png

Navigate to the tab of Traffic.Log then go to the DVTA application and click on Backup Data to FTP Server. Come back to Echo Mirage and here If you see it started capturing traffic from DVTA.exe.

But we’re not interested in this so just hit OK and forward the traffic.

16.png

If you see there is a response coming from files FileZilla server and click ok once again..

17.png

And if you see here the user name is being sent to the FTP server

18.png

And the response from FTP server says that password required for DVTA. Hit ok and forward the Traffic.

19.png

As you can see the password can bee is seen in clear text “p@ssw0rd”. The DVTA client is sending its password to the FTP server

20.png

And as you can see, you’re logged in now

21.png

If you are still observing the traffic then you should see some file being uploaded onto their FTP server just hit ok and forward the traffic.

22.png

You can see here that ftp-admin.csv is being uploaded here.

23.png

In the last, you can see the response successfully transferred ftp-admin.csv and you can find that file on your desktop

24.png

Traffic Analysis via Burp Suite + MITM Relay
First of all, you need to download MITM Relay from GitHub or also you can directly download it from here:
25.png

Download and Extract in your work folder

26.png

MITM Relay is a python script and it works fine with Python 3 so download and installs it by going to the official website of python or you can also download it from here:
27.png

In manner to download repositories from python, “get-pip” needs to be available in your system you can get it from here: –
All you need to do is save the source code by giving it a right-click and select the option “save as” and save it into your working folder by the name of get-pip as shown below

28.png

Let’s quickly open up the Power Shell and navigate to the directory of python3. It can easily be founded in c drive and then run get-pip.py script from here as shown below

29.png

As you can see pip is successfully downloaded in the above Image now let’s install the Requests module because if you look at MITM Relay it makes use of a module called Requests. To check this all you need to do is go to the directory of MITM Relay and open MITM relay with the option of “Edit with IDLE”

30.png

As you can see here MITM Relay makes use of a module named Requests

31.png

And by default, the Requests module is not installed. This can be installed by running this command
Code:
python3 -m pip install requests

And it will install the requests module for us.

32.png

Let’s install Burp Suite

You can download the Burp Suite community edition from here:
34.png

The installation is straight forward you don’t need to change anything during the installation process. After downloading the Burp Suite open it

35.png

Start the Burp Suite and go to the proxy and select options and if you see it is listening on the “port 8080”

36.png

Let’s open up the DVTA.exe application and configure the server to the IP address of the local machine such as 192. 168.0.103.

38.png

Now open up the FileZilla Server interface and stop the FTP server interface

and then go to “Edit > Settings” and change the value of “Listen on these ports: 2111” because in this scenario our MITM Relay is also running on port no. 21 and FileZilla server is also listening on port no. 21 and it is not possible to run both services on same port so, that’s why we change the port 21 to 2111 here. This happens just because of we are running FileZilla server and MITM relay in same machine in the real-life penetration testing these services are running on different machines so we don’t face these problems there. There is another setting that you have to change in security settings that is to “Disable IP check”.

39.png

Then go to “Edit > Settings”

40.png

and change the value of “Listen on these ports: 2111” because in this scenario our MITM Relay is also running on port no. 21 and FileZilla server is also listening on port no. 21 and it is not possible to run both services on same port so, that’s why we change the port 21 to 2111 here. This happens just because of we are running FileZilla server and MITM relay in same machine in the real-life penetration testing these services are running on different machines so we don’t face these problems there.

41.png

There is another setting that you have to change in security settings that is to “Disable IP check”. If you don’t do this the file upload will fail because the source which is originating the file transfer and the address where the data connection is controlled are not going to match that’s why we disabled the IP check.

42.png

And at last start the FTP server.

43.png

Come back to the Power Shell and start the MITM Relay

All you need to do is go to the directory of MITM Relay and copy the location of MITM Relay and open it into a power shell by just running these commands.
Code:
cd (directory of MITM Relay)
Code:
python3.exe .\mitm_relay.py -l 0.0.0.0 -r tcp:21:192.168.0.103:2111 -p http://127.0.0.1:8080

where -l is the listening address which is 0.0.0.0 so that we can listen to all the interfaces.

-r stands for the relay. We are setting up relay here using tcp:21 and the destination address is going to be 192.168.0.103 this is the destination address where FTP server is running and the port on which the FTP server on the destination server is running is 2111.

And in last -p stands for the proxy. We set it up to 127.0.0.1:8080 this is the address where the Burp Suite is running.

44.png

Let’s come back to the DVTA application and log In to the application using the admin credentials

45.png

And then come back to Burp Suite and navigate to the tab of “proxy > Intercept” and “Turn on the Intercept” and so that it will start capturing the traffic coming from DVTA.

46.png

Now, come back to DVTA application and hit “Backup Data to FTP Server”

47.png

Come back to the Burp Suite and look at where it started intercepting the Traffic from DVTA that is a response coming from the FTP server.

48.png

Click forward and look on the next screen there is a user name with the user command being sent from the client. On the first line there you can see the client request and forward this

49.png

Now we’re getting server response which is the password required for the DVTA. On the next screen, the client may send the password to see this just forward the Traffic

50.png

Look at the bottom using the pass command it sending the password: – P@ssw0rd

51.png

Now the next subsequent request will upload the file onto the server so we can see that here on next request the user is logged on forward the traffic

52.png

After forwarding some of requests there is a store request which is uploading the “ftp-admin.csv” file. Forward the request to next

53.png

And on the next request there is a response from the server that is opening the data channel for the file upload

54.png

Let’s forward the traffic and it is completed the upload.

55.png

This is how we can use MITM Relay to intercept and analyze the TCP traffic using Burp Suite.

This is looking good we have grabbed the FTP username and password that is coming from the client. In the next part, we will perform some attacks on the thick client.
 
Top