Penetration Testing mailing list archives
Re: Hijacking Java Classes
From: jim () tuna openans co uk
Date: Thu, 29 Dec 2005 10:05:22 +0000 (GMT)
On Thu, 29 Dec 2005 funkyforumemail () hotmail com wrote:
I have a java .jar, and would like to write the variables being sent to a particular class into a seperate file, then continue to execute the class as normal. An example would be a login.class, i would like to intercept the username and password going into the class file. The point is that I dont have the original source code, and decompiling and recompiling the class is difficult. Replacing the class with my own and somehow resume normal execution seems to be the best way. Please help.
Decompiling, editing and recompiling is probably the best way of doing this, and it's probably the most stealthy. In order to override the existing class your class would have to have the same name as the target one, making it difficult to call the original class. You could do this, but your new class would then have to have the functionality of the original; renaming the original is not an option since the package name is defined at compile time AKAIK.
Regards, Jim Halfpenny ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Hijacking Java Classes funkyforumemail (Dec 28)
- Re: Hijacking Java Classes jim (Dec 29)
- Re: Hijacking Java Classes Michael Ligh (Dec 29)
- Re: Hijacking Java Classes Dean H. Saxe (Dec 29)