JavaSnoop
JavaSnoop intercepts Java applications locally by attaching to existing processes, allowing tampering with method calls, running custom code, or monitoring system activity without needing original source code.
Description
Normally, without access to the original source code, testing the security of a Java client is unpredictable at best and unrealistic at worst. With access to the original source, you can run a simple Java program and attach a debugger to it remotely, stepping through code and changing variables where needed. Doing the same with an applet is a little bit more difficult.
JavaSnoop attempts to solve this problem by allowing you to attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system. This makes it particularly useful for security testing of Java-based applications, especially applets, where traditional debugging approaches fall short.
To do this, the tool temporarily changes Java security settings: it turns Java security off while it is in use and restores it afterward so that normal browsing stays safe.
How It Works
JavaSnoop attaches to an existing Java process in much the same way a debugger does. Once attached, it lets you tamper with method calls, execute custom code, and monitor system activity. Interception and manipulation require Java security to be disabled temporarily; it is re-enabled afterward for safety.
Installation
sudo apt install javasnoop
Flags
Examples
javasnoop -h
javasnoop
javasnoop <pid>
javasnoop --attach <process>
javasnoop --tamper
javasnoop --watch