Wednesday 20 July 2022

[Tips & Tricks] Configuring BurpSuite to capture requests from a proxy unaware thick client

What is a thick client application

Thick client applications are generally installed on a user’s local desktop/laptop/workstation. They are sometimes called desktop applications.

These applications can run on their own (independently) without needing to be connected to the internet. The best examples are desktop chat applications such as Teams, Zoom, Slack, etc.

Types of thick client based on proxy configuration

There are two types:

  1. Proxy aware: This type has an option to configure proxy settings within the application, so a user can monitor the outgoing and incoming communications through the proxy server/tool.

  2. Proxy unaware: This type has no option to configure proxy settings. To monitor the requests, the user needs to make changes to their own machine’s hosts file.

How to configure

We had a situation where we were required to perform a security assessment against a proxy-unaware thick client. To ensure we were able to collect all the incoming and outgoing requests, we configured our machine as follows:

Initial process

After configuring

Steps

  1. Edit the /etc/hosts file as follows (you may need to be a superuser):
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1       localhost
127.0.0.1       targetapi.io
  2. In BurpSuite, navigate to the Proxy settings and configure a Proxy Listener to bind to the port that targetapi.io actually uses (443 in this case), and set it to “Loopback only”.


  3. In the Request Handling settings, add the actual IP address of targetapi.io and port 443. Tick “Force use of TLS” (if it communicates over TLS) and enable invisible proxying. You may need to play around with the invisible proxying setting sometimes.

That’s all. Now you should be able to capture the thick client’s incoming and outgoing requests in BurpSuite.
It is worth noting that if you are using a port below 1024 in Burp’s proxy settings, you may need to run it as a superuser.
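
A preflight check for the three steps above, as an added example that is not part of the original post: it confirms the hosts entry points at loopback, that the redirect target entered in Request Handling is not itself loopback, and that something is accepting connections on 127.0.0.1:443. The function names and the 203.0.113.10 address are assumptions; substitute the server's real IP, resolved before the hosts file was edited.

```python
import ipaddress
import socket

# Constructed sample mirroring the hosts file shown in step 1.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
127.0.0.1       targetapi.io   # redirected to Burp
"""

def hosts_lookup(hosts_text, name):
    """Return the first address mapped to `name` in hosts-file text, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return fields[0]                     # take the first matching line
    return None

def listener_up(host, port, timeout=1.0):
    """True if something accepts TCP connections on host:port (e.g. Burp's listener)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(hosts_text, name, upstream_ip, port=443, probe=listener_up):
    """Return a list of problems with the setup; an empty list means it looks right."""
    problems = []
    mapped = hosts_lookup(hosts_text, name)
    if mapped is None:
        problems.append(f"{name} has no hosts entry; the client will bypass Burp")
    elif not ipaddress.ip_address(mapped).is_loopback:
        problems.append(f"{name} maps to {mapped}, not a loopback address")
    if ipaddress.ip_address(upstream_ip).is_loopback:
        problems.append("redirect target is loopback; Burp would forward to itself")
    if not probe("127.0.0.1", port):
        problems.append(f"nothing is listening on 127.0.0.1:{port}")
    return problems

if __name__ == "__main__":
    with open("/etc/hosts") as fh:
        # 203.0.113.10 is a documentation placeholder for the real server IP.
        for p in preflight(fh.read(), "targetapi.io", "203.0.113.10"):
            print("WARN:", p)
```

Run it after completing step 3; no output means all three checks passed.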