WebApp Sec mailing list archives
Java Object Inspector 1.0
From: "Jan P. Monsch" <jan.monsch () csnc ch>
Date: Tue, 29 Oct 2002 20:12:48 +0100
Hi there,

Penetration testers are often faced with the situation in which they have to test authentication, authorization and failure behavior. For browser applications to test this, they modify the requests sent to the server using some kind of inspection proxy, like @stake WebProxy, Achilles or SSL-Proxy.
However, there are also non-browser client applications written in high-level languages like Java. Often these applications do not communicate in plaintext HTTP requests with the server but instead utilize some sort of binary communication. Such traffic cannot be decoded and modified easily due to its proprietary data format, which makes testing with proxy tools like the ones mentioned above almost impossible.
To facilitate the penetration testing of client applications written in Java 1.2 and above, Compass Security has developed a tool called the Java Object Inspector. This tool allows inspection and modification of data records (i.e. member variables of Java objects) in running Java applications and applets....
To read the whole article download it at:
http://www.csnc.ch/downloads/docs/techdocs/ObjectInspectorV1.0.pdf

The tool is provided free of charge including source code:
http://www.csnc.ch/downloads/apps/objectinspector-1.0.zip

Regards
Jan

--
_____________________________________________________________
Jan P. Monsch
Compass Security Network Computing AG, CSNC
Tel: +41 55 214 41 67
Fax: +41 55 214 41 61
E-mail: jan.monsch () csnc ch
Web site: http://www.csnc.ch/
"Security Review - Penetration Testing"
_____________________________________________________________