This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "JavaSnoop: How to hack anything written in Java"

From OWASP
Jump to: navigation, search
(Created page with '== The presentation == rightAnybody who has assessed anything with a thick Java client has probably been frustrated beyond belief and unhappy wi…')
 
m (The presentation)
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 +
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]
 +
 +
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 +
<br>
 
== The presentation  ==
 
== The presentation  ==
  
[[Image:Owasp_logo_normal.jpg|right]]Anybody who has assessed anything with a thick Java client has probably been frustrated beyond belief and unhappy with their coverage, but that&apos;s only because this tool hasn&apos;t been released yet. We created a tool that allows you to easily jump into any JVM on your machine, and tamper with class bytecode, method parameters, return values - without requiring any pesky original source code, or the most elusive artifact - skill!  
+
[[Image:Owasp_logo_normal.jpg|right]]Anybody who has assessed anything with a thick Java client has probably been frustrated beyond belief and unhappy with their coverage, but that's only because this tool hasn't been released yet. We created a tool that allows you to easily jump into any JVM on your machine, and tamper with class bytecode, method parameters, return values - without requiring any pesky original source code, or the most elusive artifact - skill!  
  
What happens when that applet you want to hack uses serialized objects over a custom encryption scheme, and you have 40 hours to break it? Theoretically, you know that&apos;s not good enough, but who cares about "theoretically"? JavaSnoop will allow you to intercept calls inside the JVM for tampering with data before it gets to the network, while its still in object form! What happens when that fancy desktop tool you have has an expired license? JavaSnoop will allow you to make that isLicensed() check return the value you want, instead of the value you didn&apos;t pay for.
+
What happens when that applet you want to hack uses serialized objects over a custom encryption scheme, and you have 40 hours to break it? Theoretically, you know that's not good enough, but who cares about "theoretically"? JavaSnoop will allow you to intercept calls inside the JVM for tampering with data before it gets to the network, while its still in object form! What happens when that fancy desktop tool you have has an expired license? JavaSnoop will allow you to make that isLicensed() check return the value you want, instead of the value you didn't pay for.
  
All this in a nice, portable GUI tool. I can&apos;t wait to enable you!
+
All this in a nice, portable GUI tool. I can't wait to enable you!
  
 
== The speaker  ==
 
== The speaker  ==

Latest revision as of 19:10, 7 October 2010

468x60-banner-2010.gif

Registration | Hotel | Walter E. Washington Convention Center

The presentation

Owasp logo normal.jpg
Anybody who has assessed anything with a thick Java client has probably been frustrated beyond belief and unhappy with their coverage, but that's only because this tool hasn't been released yet. We created a tool that allows you to easily jump into any JVM on your machine, and tamper with class bytecode, method parameters, return values - without requiring any pesky original source code, or the most elusive artifact - skill!

What happens when that applet you want to hack uses serialized objects over a custom encryption scheme, and you have 40 hours to break it? Theoretically, you know that's not good enough, but who cares about "theoretically"? JavaSnoop will allow you to intercept calls inside the JVM for tampering with data before it gets to the network, while its still in object form! What happens when that fancy desktop tool you have has an expired license? JavaSnoop will allow you to make that isLicensed() check return the value you want, instead of the value you didn't pay for.

All this in a nice, portable GUI tool. I can't wait to enable you!

The speaker

Speaker bio will be posted shortly.