Penetration Testing mailing list archives

Re: Hijacking Java Classes


From: jim () tuna openans co uk
Date: Thu, 29 Dec 2005 10:05:22 +0000 (GMT)

On Thu, 29 Dec 2005 funkyforumemail () hotmail com wrote:

> I have a java .jar, and would like to write the variables being sent to a particular class into a separate file, then
> continue to execute the class as normal. An example would be a login.class, I would like to intercept the username and
> password going into the class file. The point is that I don't have the original source code, and decompiling and
> recompiling the class is difficult. Replacing the class with my own and somehow resume normal execution seems to be the
> best way.
>
> Please help.

Decompiling, editing and recompiling is probably the best way of doing this, and it's probably the most stealthy. In order to override the existing class your class would have to have the same name as the target one, making it difficult to call the original class. You could do this, but your new class would then have to have the functionality of the original; renaming the original is not an option since the package name is defined at compile time AFAIK.

Regards,
Jim Halfpenny
