
How to capture and intercept encrypted traffic for proxy-unaware thick client applications that possibly use DNS filters and loopback traffic themselves? (specific scenario)

by Reddit » Hacking

Hello,

I am doing an application analysis and have been stuck on this issue for a while. Your help would be appreciated.

It is a Windows desktop application that runs in the background. It is a proxy-unaware thick client application. I have tried intercepting the traffic using BurpSuite and using the invisible proxy method. The problem here is that the application updates the hosts file to loop back the traffic to access a file (possibly a DNS filtering file – I am unable to find info about this) before sending data to the servers. If I set up a manual loopback in the hosts file and comment out the existing route, the application stops working altogether.

BurpSuite is not able to detect the traffic at all, but Wireshark was able to capture encrypted traffic and EchoMirage is also able to intercept the Ethernet traffic.

I am possibly looking in two different directions as a solution:

Can I decrypt the encrypted traffic captured in wireshark? The BurpSuite CA certs are already stored in Trusted Root CA store.

I have a Windows VM running on VMware. I have set up another VMware VM inside this VM. If I install the application in the innermost VM, can I capture the traffic going in/out of that VM in the outer VM and decrypt/intercept the traffic on the fly?

Any leads are appreciated. Thanks.
