a Freeware tool that hooks into an application’s process and enables us to monitor the network interactions.
This process can be done with a running process, or it can run the application on the user’s behalf. This type of security testing falls under Thick Client Application Security Testing.
Thick Clients Applications can be further divided into two parts:
- Proxy-aware Thick Clients
- Proxy-Unaware Thick Clients
Proxy-aware Thick Clients
If a Thick Client can set up a proxy server, then it is known as a Proxy-aware Thick Client. Examples of Proxy-aware Thick Clients are Microsoft Outlook, Google Talk, Yahoo Messenger, etc. Such applications typically require the user to install them on their systems, thus making them run completely on the user’s system and utilizing the system’s resources and making them reliant on the local systems security. Tools such as Burp Suite can be used to test such clients.
Proxy-Unaware Thick Clients
If a Thick Client does not have the ability to set up a proxy server, then it is known as a Proxy-Unaware Thick Client. Such clients are therefore difficult to test because of the problems faced while setting up a proxy. This is where Echo Mirage comes into play.
Echo Mirage allows us to see and edit the data being exchanged be it encrypted or unencrypted session. In the event wherein a user’s system has been compromised by an exploit/payload, Echo Mirage can be used to hook into the compromised process, and the communication between the attacker’s machine and the victim’s machine can be intercepted. This can give insight to what kind of information the attacker is looking for on the victim’s machine.
Few more features of Echo Mirage:
- Traffic Log: Traffic log, as the name suggests, keeps a detailed history of the entire communication that took place. We can, at any given point of time, go back to the logs and re-check any data that we might’ve missed.
- Rules: Echo Mirage has another feature called rules. This feature enables us to make custom rules that would intercept certain calls made by the application. Rules can be created to intercept only the inbound traffic or outbound traffic, or both made to a certain address on a particular port. Rules can also be made to define pre-defined actions and search for certain keywords based on muti-lined, case sensitivity, single-lined, extended or anchored. New rules can be made by clicking on the Green Plus Icon on the top. Echo Mirage also gives us the ability to export the user defined rules or import new rules.
In conclusion, Echo Mirage is an effective tool to test Proxy-Unware Thick Client Applications. Other tools such as Burp Suite can be configured to some extent to do the same job. However, they may not present the same results as Echo Mirage.
