[prev in list] [next in list] [prev in thread] [next in thread]
List: webappsec
Subject: Java Object Inspector 1.0
From: "Jan P. Monsch" <jan.monsch () csnc ! ch>
Date: 2002-10-29 19:12:48
[Download RAW message or body]
Hi there,
Penetration testers are often faced with the situation in which they
have to test authentication, authorization and failure behavior. For
browser applications to test this, they modify the requests sent to the
server using some kind of inspection proxy, like @tstake WebProxy,
Achilles or SSL-Proxy.
However, there are also non-browser client applications written in
high-level languages like Java. Often these applications do not
communicate in plaintext HTTP requests with the server but instead
utilize some sort of binary communication. Such traffic cannot be
decoded and modified easily due to their proprietary data format, which
makes testing with proxy tools like the ones mentioned above almost
impossible.
To facilitate the penetration testing of client applications written in
Java 1.2 and above, Compass Security has developed a tool called the
Java Object Inspector. This tool allows inspection and modification of
data records (i.e. member variables of Java objects) in running Java
applications and applets....
To read the whole article download it at:
http://www.csnc.ch/downloads/docs/techdocs/ObjectInspectorV1.0.pdf
The tool is provided free of charge including source code:
http://www.csnc.ch/downloads/apps/objectinspector-1.0.zip
Regards Jan
--
_____________________________________________________________
Jan P. Monsch
Compass Security Network Computing AG, CSNC
Tel: +41 55 214 41 67
Fax: +41 55 214 41 61
E-mail: jan.monsch@csnc.ch
Web site: http://www.csnc.ch/
"Security Review - Penetration Testing"
_____________________________________________________________
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic