Re: Forms D2K Application Testing

Hi Anant,
Any chance this is a JAVA Applet? If yes then there's probably
encryption built in by the developers and you see just junk in the
proxy editor. Is it web based or is it a thick client? Try and
identify when encryption happens and how the application is doing it.
Maybe decompile Java class files? If its not an applet then its
probably a thick client with custom encryption built in. Try and
identify what encryption it is.

Cheers
Arvind

On Thu, Apr 17, 2008 at 10:19 AM, <iyer.anant.r@xxxxxxxxx> wrote:
Hello,


I need some in carrying out an application penetration testing of a Forms & D2K applications which are web-enabled. How does on intercept the traffic (like any HTTP Proxy)? Even though the application is web-enabled, the proxy I am using (WebScarab) does capture the data, but it does not make any sense ( Am I missing out on some trick here?)


Any help will be deeply appreciated.


Regards,


Anant Iyer

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------