Home > Disassembly, Tech > Java Snoop

Java Snoop

September 17, 2012 Leave a comment Go to comments

I read about Java Snoop today as I was looking for Java reverse engineering tools (other than JD-GUI):

https://www.aspectsecurity.com/research/appsec_tools/javasnoop/

Apparently this tool was first introduced at BlackHat 2010. Here’s a presentation on the tool:

http://vimeo.com/19051012

Looks pretty useful for analyzing client-side java code.

A tool that lets you intercept methods, alter data and otherwise test the security of Java applications on your computer

Normally, without access to the original source code, testing the security of a Java client is unpredictable at best and unrealistic at worst. With access the original source, you can run a simple Java program and attach a debugger to it remotely, stepping through code and changing variables where needed. Doing the same with an applet is a little bit more difficult.

Unfortunately, real-life scenarios don’t offer you this option, anyway. Compilation and decompilation of Java are not really as deterministic as you might imagine. Therefore, you can’t just decompile a Java application, run it locally and attach a debugger to it.

Next, you may try to just alter the communication channel between the client and the server, which is where most of the interesting things happen anyway. This works if the client uses HTTP with a configurable proxy. Otherwise, you’re stuck with generic network traffic altering mechanisms. These are not so great for almost all cases, because the data is usually not plaintext. It’s usually a custom protocol, serialized objects, encrypted, or some combination of those.

JavaSnoop attempts to solve this problem by allowing you attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system.

Advertisements
Categories: Disassembly, Tech
  1. jerome
    November 6, 2012 at 4:19 PM

    This is a great blog thanks for the info! Are you on FB or twitter?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s