Java Object Inspector 1.0

From: Jan P. Monsch (jan.monschat_private)
Date: Thu Oct 24 2002 - 04:14:35 PDT

    Hi there,
    
    Penetration testers are often faced with the situation in which they 
    have to test authentication, authorization and failure behavior. For 
    browser applications to test this, they modify the requests sent to the 
    server using some kind of inspection proxy, like @stake WebProxy, 
    Achilles or SSL-Proxy.
    
    However, there are also non-browser client applications written in 
    high-level languages like Java. Often these applications do not 
    communicate in plaintext HTTP requests with the server but instead 
    utilize some sort of binary communication. Such traffic cannot be 
    decoded and modified easily due to its proprietary data format, which 
    makes testing with proxy tools like the ones mentioned above almost 
    impossible.
    
    To facilitate the penetration testing of client applications written in 
    Java 1.2 and above, Compass Security has developed a tool called the 
    Java Object Inspector. This tool allows inspection and modification of 
    data records (i.e. member variables of Java objects) in running Java 
    applications and applets....
    
    To read the whole article download it at:
    http://www.csnc.ch/downloads/docs/techdocs/ObjectInspectorV1.0.pdf
    
    The tool is provided free of charge including source code:
    http://www.csnc.ch/downloads/apps/objectinspector-1.0.zip
    
    Regards Jan
    
    -- 
    _____________________________________________________________
    Jan P. Monsch
    Compass Security Network Computing AG, CSNC
    
      Tel: +41 55 214 41 67
      Fax: +41 55 214 41 61
    
    E-mail:     jan.monschat_private
    Web site:   http://www.csnc.ch/
    
    "Security Review - Penetration Testing"
    _____________________________________________________________
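
An added illustration, not part of the original message and not code from the Java Object Inspector: it shows why member variables held in a client-side Java object cannot be trusted by the server, and what a server-side check that survives such edits looks like. The class, field names, session table and server check are constructed, and the use of standard `java.lang.reflect` is an assumption; the message does not say how the tool reaches the objects.

```java
import java.lang.reflect.Field;
import java.util.Map;

public class ClientStateDemo {
    // Constructed client-side record; all names here are hypothetical.
    static class OrderRequest {
        private String user = "alice";
        private String role = "customer";   // client-side copy of the role
        private int discountPercent = 0;
    }

    // Inspection: list every member variable, including private ones.
    static String dump(Object o) throws IllegalAccessException {
        StringBuilder sb = new StringBuilder(o.getClass().getSimpleName()).append('{');
        for (Field f : o.getClass().getDeclaredFields()) {
            f.setAccessible(true);           // "private" is not a security boundary
            sb.append(f.getName()).append('=').append(f.get(o)).append(' ');
        }
        return sb.toString().trim() + "}";
    }

    // Modification: overwrite a member variable in the live object.
    static void set(Object o, String name, Object value) throws ReflectiveOperationException {
        Field f = o.getClass().getDeclaredField(name);
        f.setAccessible(true);
        f.set(o, value);
    }

    // Server side (constructed): the role comes from the server's own session
    // table, never from the request object, so edited fields gain nothing.
    static final Map<String, String> SESSION_ROLES = Map.of("alice", "customer");

    static boolean serverAccepts(OrderRequest r) {
        String role = SESSION_ROLES.getOrDefault(r.user, "none");
        int maxDiscount = role.equals("admin") ? 50 : 0;
        return r.discountPercent >= 0 && r.discountPercent <= maxDiscount;
    }

    public static void main(String[] args) throws Exception {
        OrderRequest req = new OrderRequest();
        System.out.println(dump(req) + " accepted=" + serverAccepts(req));
        set(req, "role", "admin");           // the kind of edit a tester would try
        set(req, "discountPercent", 50);
        System.out.println(dump(req) + " accepted=" + serverAccepts(req));
    }
}
```

A server that instead read `role` from the request object would accept the second request, which is the authorization failure this kind of test is meant to surface.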
    
    