What is a thick client application
Thick client applications are generally installed on a user's local desktop, laptop or workstation; they are sometimes called desktop applications.
These applications run natively on the host rather than inside a browser, and they can start and work without a network connection, although many of them still talk to remote servers. Common examples are desktop chat applications such as Teams, Zoom and Slack.
Types of thick client based on proxy configuration
There are two:
- Proxy aware: the application has an option to configure proxy settings, so the tester can route its outgoing and incoming traffic through a proxy server or tool such as Burp Suite.
- Proxy unaware: the application has no proxy setting at all. To intercept its traffic, the tester has to redirect it at a lower layer, for example by editing the hosts file on their own machine so that the server's hostname resolves to the proxy.
How to configure
We had a situation where we were required to perform a security assessment against a proxy-unaware thick client. To make sure we captured all of its incoming and outgoing requests, we configured our machine as follows:
[Figure: initial process, before configuring]
[Figure: after configuring]
Steps
- Before editing anything, note the real IP address of targetapi.io (for example with dig or nslookup). After the next step the name resolves to 127.0.0.1 on your machine, and Burp will need the real address to forward traffic to.
- Edit the /etc/hosts file as follows (you will need to be a superuser). Restart the thick client afterwards, since some clients and operating systems cache DNS lookups:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
127.0.0.1 targetapi.io
- In Burp Suite, go to Proxy > Proxy settings and add a Proxy Listener bound to the port the real targetapi.io service listens on (443 in this case), with "Loopback only" selected. Because targetapi.io now resolves to 127.0.0.1, the client's connections arrive at this listener.
- In the listener's Request handling tab, set "Redirect to host" to the real IP address of targetapi.io and "Redirect to port" to 443. Use the IP address, not the hostname: the hostname now resolves to Burp itself, so Burp would loop back to its own listener. Tick "Force use of TLS" if the service communicates over TLS, and enable "Support invisible proxying" so Burp accepts connections that do not carry a proxy-style request line. Invisible proxying can take some trial and error with a given client.
- If the service uses TLS, the client must trust Burp's CA certificate, otherwise it will reject the certificate Burp generates for targetapi.io. Import the CA certificate into the system or application trust store first. A client that pins its server certificate will still refuse to connect, and that needs to be dealt with separately.
That's all. You should now be able to capture the thick client's incoming and outgoing requests in Burp Suite.
Worth noting that binding Burp's listener to a port below 1024 (such as 443) requires running Burp as a superuser on Linux and macOS.