Application Testing

This topic contains 1 reply, has 2 voices, and was last updated by  MTGreen 1 year, 2 months ago.

  • Author
    Posts
  • #169326
     Michael J. Conway 
    Participant

    This goes with what I want to do with my home pentest lab that I am working on. I am an avid gamer and enjoy, not just the game, but the community that makes the game what it is. In this case, one of the games I actively play, Thin Infinite Black (TIB) by Spellbook Studios, is actively developing a follow-up to that game and will be opening it to the community that backed its Kickstarter to do beta testing. So my current plan is to be brutal to the client application. The client application is cross-platform and can be found for Android, iOS, Mac, and Linux.

    The current application makes me wonder what I will find with the new version. Since there is a EULA in place, I have not really poked around the current version as I don’t feel like getting banned. However, my plan is slightly different for the beta.

    The plan:

    1. Get permission from the developer
    2. Install in a VM
    3. Attach to debugger (x64dbg)
    4. Set up network sniffer (Wireshark)
    5. Hunt down any xml files
    6. Use a proxy (Burp Suite or similar)

    After all that is set up, my plan is to fuzz whatever I can fuzz as well as look at the traffic it generates to see what I can find there. As of right now I am not planning anything against the server nor modifying the client.

    What do you all think?

    https://www.spellbook.com/tib/
    https://x64dbg.com/#start
    https://portswigger.net/burp/
    https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
    https://www.wireshark.org/#download

  • #169327
     MTGreen 
    Participant

    I think that sounds like a plan.

    It is great to have an objective for your home lab, and with permission from the developer you will have room to move. I would like to learn about the permission and how it is expressed. I would also be glad to learn of interesting developments along the way (hopefully not getting banned).
