ITR is an Interactive TCP Relay software, which allows performing security (and other) tests over Client/Server applications. It allows auditors of Client/Server applications to enjoy the same comfort of Web applications testers using a proxy software with interception capabilities (such as Digizen's Achilles or @Stake's WebProxy).
ITR Serves as a TCP tunnel between the Client and the Server. By instructing the client to open its connection to the ITR instead of the server, the entire connection is shifted to work through the ITR, without the Client or the Server noticing a difference.
Once ITR is operating, the Client must be configured to use it as its server instead of the original server. This setting normally appears either in the registry or in an INI file. Once the client has been set up, it can be launched, and all traffic will now pass through ITR. At this point, ITR should show on its screen all the traffic passing through it, even without intercepting it.
Since displaying the messages on the screen may slow the traffic (especially if there is massive traffic), it is possible to turn ITR into 'silend mode' by clicking the "Don't show messages" checkbox.
It is also possible to log all the traffic passing through the ITR, using the "Save log:" option (Marked in Purple). When the checkbox is checked, the user will be prompted to provide a log filename.
After the tunnel is properly functioning, it is time to start intercepting the data transferring over the socket. ITR supports separate intercepts for Client and/or Server data. The following explanations refers to the outgoing traffic (from the Client to the Server), but the interface operates in the same manner for incoming traffic.
By clicking the 'Intercept' checkbox, ITR moves into interception mode. Every transnmission receieved by ITR, will be queued until manually sent by the user. If the client is sending large transmissions, ITR will break them down according to the buffer size defined in the ITR.ini file, otherwise, ITR will display the entire transmission. At this point, the user can edit the transmission using the Built-in HEXA editor, and send the message using the 'Send' button. This is repeated as necessary. It is possible to move in and out of Intercept mode during the a single session as many times desired.
If several transmissions arrive one after the other without being sent (or a large transmission is broken into several), the messages are queued and will appear in order everytime the user sends another transmission out. The '<' and '>' allow viewing the queued transmissions (sometimes the test requires simply skipping a transmission). The '<+' and '+>' allow joining two transmissionss into one (which may exceed, in this case, the buffer size defined in the INI file).
Last, but not least, comes the 'Inject' button. If the test requires sending additional transmissions, instead of simply manipulating the existing ones, clicking this will open a window which will allow writing a tranmission to be injected on the socket.
As mentioned previously, ITR has a Built-in HEXA editor, and built-in logging capatbilities. By default, ITR assumes that the data transferred over the socket is standard 7-bit ASCII, and represents the HEXAdecimal values using these characters. In some cases, however, the tranmissions may be using a different encoding (for instance, when testing applications working with Mainframes, it is likely that the encoding used will be EBCDIC). ITR Therefore has full support for differnet types of encodings.
The 'Encoding:' setting allows changing the encoding used by ITR, based on a user-provided encoding file. The name of the file should be entered in the input box, followed by pressing 'Set'. ITR will then change its encoding to the one represented by the file. By default, ITR comes with two encoding files: ASCII.enc and EBCDIC.enc. It is simple, however, to write other encoding files (The .enc file format is pretty straight forward, just view the files provided with ITR).
Copyright (C) 2002 WebCohort Inc. All Rights Reserved.
License and Disclaimer information can be found in "Freeware License.txt"