Java Object Inspector 1.0

["Jan P. Monsch" <jan.monsch () csnc ch>]

Hi there,

Penetration testers are often faced with the situation in which they 
have to test authentication, authorization and failure behavior. For 
browser applications to test this, they modify the requests sent to the 
server using some kind of inspection proxy, like @tstake WebProxy, 
Achilles or SSL-Proxy.

However, there are also non-browser client applications written in 
high-level languages like Java. Often these applications do not 
communicate in plaintext HTTP requests with the server but instead 
utilize some sort of binary communication. Such traffic cannot be 
decoded and modified easily due to their proprietary data format, which 
makes testing with proxy tools like the ones mentioned above almost 
impossible.

To facilitate the penetration testing of client applications written in 
Java 1.2 and above, Compass Security has developed a tool called the 
Java Object Inspector. This tool allows inspection and modification of 
data records (i.e. member variables of Java objects) in running Java 
applications and applets....

To read the whole article download it at:
http://www.csnc.ch/downloads/docs/techdocs/ObjectInspectorV1.0.pdf

The tool is provided free of charge including source code:
http://www.csnc.ch/downloads/apps/objectinspector-1.0.zip

Regards Jan

--
_____________________________________________________________
Jan P. Monsch
Compass Security Network Computing AG, CSNC

 Tel: +41 55 214 41 67
 Fax: +41 55 214 41 61

E-mail:     jan.monsch () csnc ch
Web site:   http://www.csnc.ch/

"Security Review - Penetration Testing"
_____________________________________________________________