Java Object Inspector 1.0

From: Jan P. Monsch (jan.monsch@csnc.ch)
Date: 10/24/02


Date: Thu, 24 Oct 2002 13:14:35 +0200
From: "Jan P. Monsch" <jan.monsch@csnc.ch>
To: pen-test@securityfocus.com, sectools@securityfocus.com

Hi there,

Penetration testers are often faced with the situation in which they
have to test authentication, authorization and failure behavior. For
browser applications, they test this by modifying the requests sent to the
server using some kind of inspection proxy, like @stake WebProxy,
Achilles or SSL-Proxy.

However, there are also non-browser client applications written in
high-level languages like Java. Often these applications do not
communicate in plaintext HTTP requests with the server but instead
utilize some sort of binary communication. Such traffic cannot be
decoded and modified easily due to their proprietary data format, which
makes testing with proxy tools like the ones mentioned above almost
impossible.

To facilitate the penetration testing of client applications written in
Java 1.2 and above, Compass Security has developed a tool called the
Java Object Inspector. This tool allows inspection and modification of
data records (i.e. member variables of Java objects) in running Java
applications and applets....

To read the whole article download it at:
http://www.csnc.ch/downloads/docs/techdocs/ObjectInspectorV1.0.pdf

The tool is provided free of charge including source code:
http://www.csnc.ch/downloads/apps/objectinspector-1.0.zip

Regards, Jan

-- 
_____________________________________________________________
Jan P. Monsch
Compass Security Network Computing AG, CSNC

Tel: +41 55 214 41 67 Fax: +41 55 214 41 61

E-mail: jan.monsch@csnc.ch Web site: http://www.csnc.ch/

"Security Review - Penetration Testing"
_____________________________________________________________
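The post describes inspecting and modifying member variables of objects inside a running JVM. The added example below is not part of the original announcement or of the Object Inspector tool; it shows, with plain Java reflection and a constructed `ClientSession` class, why a server must never trust state held in the client: every field, private ones included, can be listed and overwritten by whoever controls the client process. The class and field names are assumptions made for the example.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;

// Constructed stand-in for client-side state a thick client might keep.
class ClientSession {
    private String user = "alice";
    private boolean isAdmin = false;
    private int creditLimit = 500;
}

public class FieldInspector {
    // List every declared field of the object's class, private ones included.
    static void dump(Object o) throws IllegalAccessException {
        for (Field f : o.getClass().getDeclaredFields()) {
            f.setAccessible(true); // lifts Java access checks inside the running JVM
            System.out.printf("%s %s %s = %s%n",
                    Modifier.toString(f.getModifiers()),
                    f.getType().getSimpleName(), f.getName(), f.get(o));
        }
    }

    // Overwrite one field by name, converting the text value to the field's type.
    static void set(Object o, String name, String value)
            throws ReflectiveOperationException {
        Field f = o.getClass().getDeclaredField(name);
        f.setAccessible(true);
        Class<?> t = f.getType();
        if (t == boolean.class)     f.setBoolean(o, Boolean.parseBoolean(value));
        else if (t == int.class)    f.setInt(o, Integer.parseInt(value));
        else if (t == String.class) f.set(o, value);
        else throw new IllegalArgumentException("unsupported field type: " + t);
    }

    public static void main(String[] args) throws ReflectiveOperationException {
        ClientSession s = new ClientSession();
        dump(s);                 // isAdmin = false, creditLimit = 500
        set(s, "isAdmin", "true");
        set(s, "creditLimit", "100000");
        dump(s);                 // the "protected" client state is now changed
    }
}
```

The defensive consequence is that authorization and limits must be enforced server-side on every request, regardless of what the client object claims; on Java 9 and later, `setAccessible` is additionally refused across module boundaries unless the module is opened, which raises the bar but does not protect state the user's own process holds.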
