Re: Hijacking Java Classes

["Dean H. Saxe" <dean () fullfrontalnerdity com>]

Decompilation is your best bet.  Decompile the existing class using  
JAD or FrontEndPlus, modify it to suit your needs (say, writing out  
login credentials somewhere), recompile and re-JAR the classes.  You  
could also use decompilation to determine all of the method  
signatures and then write your own class with those particular method  
signatures and replace the original class with your malicious one.   
The effect is the same.

You'll have to make sure the JAR isn't signed for this to work  
directly.  If it is signed, you'll need to resign the JAR with a new  
private key and certificate.  If the certs are validated against a CA  
then you'll need the original private key that was used to sign the  
JAR.  There may be other tamper-proofing mechanisms in place you'll  
discover while working on this.  They can usually be circumvented  
with a little creativity.

Good luck!
dhs-

Dean H. Saxe, CEH
dean () fullfrontalnerdity com
"I have always strenuously supported the right of every man to his  
own opinion, however different that opinion might be to mine. He who  
denies another this right makes a slave of himself to his present  
opinion, because he precludes himself the right of changing it."
    -- Thomas Paine, 1783



On Dec 28, 2005, at 7:03 PM, funkyforumemail () hotmail com wrote:

> I have a java .jar, and would like to write the variables being  
> sent to a particular class into a seperate file, then continue to  
> execute the class as normal. An example would be a login.class, i  
> would like to intercept the username and password going into the  
> class file. The point is that I dont have the original source code,  
> and decompiling and recompiling the class is difficult. Replacing  
> the class with my own and somehow resume normal execution seems to  
> be the best way.
>
> Please help.
>
> ---------------------------------------------------------------------- 
> --------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications  
> on your
> website. Up to 75% of cyber attacks are launched on shopping carts,  
> forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down  
> servers are
> futile against web application hacking. Check your website for  
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before  
> hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ---------------------------------------------------------------------- 
> ---------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------