Awesome
THICK CLIENT PENTESTING CHECKLIST
OWASP Based Checklist 🌟🌟
80+ Test Cases 🚀🚀
Notion link: https://hariprasaanth.notion.site/THICK-CLIENT-PENTESTING-CHECKLIST-35c6803f26eb4c9d89ba7f5fdc901fb0 </br></br>
-
INFORMATION GATHERING
Information Gathering
- Find out the application architecture (two-tier or three-tier)
- Find out the technologies used (languages and frameworks)
- Identify network communication
- Observe the application process
- Observe each functionality and behavior of the application
- Identify all the entry points
- Analyze the security mechanism (authorization and authentication)
Tools Used
- CFF Explorer
- Sysinternals Suite
- Wireshark
- PEid
- Detect It Easy (DIE)
- Strings
-
GUI TESTING
Test For GUI Object Permission
- Display hidden form object
- Try to activate disabled functionalities
- Try to uncover the masked password
Test GUI Content
- Look for sensitive information
Test For GUI Logic
- Try for access control and injection-based vulnerabilities
- Bypass controls by utilizing intended GUI functionality
- Check improper error handling
- Check weak input sanitization
- Try privilege escalation (unlocking admin features to normal users)
- Try payment manipulation
Tools Used
- UISpy
- Winspy++
- Window Detective
- Snoop WPF
-
FILE TESTING
Test For Files Permission
- Check permission for each and every file and folder
Test For File Continuity
- Check strong naming
- Authenticate code signing
Test For File Content Debugging
- Look for sensitive information on the file system (symbols, sensitive data, passwords, configurations)
- Look for sensitive information on the config file
- Look for Hardcoded encryption data
- Look for Clear text storage of sensitive data
- Look for side-channel data leakage
- Look for unreliable log
Test For File And Content Manipulation
- Try framework backdooring
- Try DLL preloading
- Perform Race condition check
- Test for Files and content replacement
- Test for Client-side protection bypass using reverse engineering
Test For Function Exported
- Try to find the exported functions
- Try to use the exported functions without authentication
Test For Public Methods
- Make a wrapper to gain access to public methods without authentication
Test For Decompile And Application Rebuild
- Try to recover the original source code, passwords, keys
- Try to decompile the application
- Try to rebuild the application
- Try to patch the application
Test For Decryption And DE obfuscation
- Try to recover original source code
- Try to retrieve passwords and keys
- Test for lack of obfuscation
Test For Disassemble and Reassemble
- Try to build a patched assembly
Tools Used
- Strings
- dnSpy
- Procmon
- Process Explorer
- Process Hacker
-
REGISTRY TESTING
Test For Registry Permissions
- Check read access to the registry keys
- Check to write access to the registry keys
Test For Registry Contents
- Inspect the registry contents
- Check for sensitive info stored on the registry
- Compare the registry before and after executing the application
Test For Registry Manipulation
- Try for registry manipulation
- Try to bypass authentication by registry manipulation
- Try to bypass authorization by registry manipulation
Tools Used
- Regshot
- Procmon
- Accessenum
-
NETWORK TESTING
Test For Network
- Check for sensitive data in transit
- Try to bypass firewall rules
- Try to manipulate network traffic
Tools Used
- Wireshark
- TCPview
-
ASSEMBLY TESTING
Test For Assembly
- Verify Address Space Layout Randomization (ASLR)
- Verify SafeSEH
- Verify Data Execution Prevention (DEP)
- Verify strong naming
- Verify ControlFlowGuard
- Verify HighentropyVA
Tools Used
- PESecurity
-
MEMORY TESTING
Test For Memory Content
- Check for sensitive data stored in memory
Test For Memory Manipulation
- Try for memory manipulation
- Try to bypass authentication by memory manipulation
- Try to bypass authorization by memory manipulation
Test For Run Time Manipulation
- Try to analyze the dump file
- Check for process replacement
- Check for modifying assembly in the memory
- Try to debug the application
- Try to identify dangerous functions
- Use breakpoints to test each and every functionality
Tools Used
- Process Hacker
- HxD
- Strings
-
TRAFFIC TESTING
Test For Traffic
- Analyze the flow of network traffic
- Try to find sensitive data in transit
Tools Used
- Echo Mirage
- MITM Relay
- Burp Suite
-
COMMON VULNERABILITIES TESTING
Test For Common Vulnerabilities
- Try to decompile the application
- Try for reverse engineering
- Try to test with OWASP WEB Top 10
- Try to test with OWASP API Top 10
- Test for DLL Hijacking
- Test for signature checks (Use Sigcheck)
- Test for binary analysis (Use Binscope)
- Test for business logic errors
- Test for TCP/UDP attacks
- Test with automated scanning tools (Use Visual Code Grepper - VCG)