Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Forms D2K Application Testing
From: "arvind doraiswamy" <arvind.doraiswamy () gmail com>
Date: Fri, 18 Apr 2008 12:33:41 +0530

Hi Anant,
Any chance this is a JAVA Applet? If yes then there's probably
encryption built in by the developers and you see just junk in the
proxy editor. Is it web based or is it a thick client? Try and
identify when encryption happens and how the application is doing it.
Maybe decompile Java class files? If its not an applet then its
probably a thick client with custom encryption built in. Try and
identify what encryption it is.

Cheers
Arvind

On Thu, Apr 17, 2008 at 10:19 AM,  <iyer.anant.r () gmail com> wrote:
Hello,


 I need some in carrying out an application penetration testing of a Forms & D2K applications which are web-enabled. 
How does on intercept the traffic (like any HTTP Proxy)? Even though the application is web-enabled, the proxy I am 
using (WebScarab) does capture the data, but it does not make any sense ( Am I missing out on some trick here?)


 Any help will be  deeply appreciated.


 Regards,


 Anant Iyer

 ------------------------------------------------------------------------
 This list is sponsored by: Cenzic

 Need to secure your web apps NOW?
 Cenzic finds more, "real" vulnerabilities fast.
 Click to try it, buy it or download a solution FREE today!

 http://www.cenzic.com/downloads
 ------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault