Systems application proxy pwnage

Presentation by Ian de Villiers at 44Con in 2011.

This presentation is about the protocol used by SAP GUI and how it makes SAP applications vulnerable to attack. SApCap and SAPProx, tools developed by the presenter, are discussed. SAPProx is a SAP GUI proxy tool. SApCap is a packet sniffer, decompressor and protocol analysis tool for SAP GUI. A few practical SAP application attacks are discussed.