堆栈内存溢出
  简体   繁体   English

间谍Java安全套接字

[英]Spy Java Secure Sockets

 原文  2012-09-11 09:36:18       java/ security/ sockets/ spy

问题描述

I would like to know if there is an easy (or hard) way to spy the secure sockets from a java applet ? 我想知道是否有一种简单(或硬)的方法来从Java小程序中监视安全套接字? (without having the source code) (没有源代码)

The goal here is to know exactly what for informations send an (very good obfuscated) applet. 这里的目标是确切地知道什么信息会发送(非常模糊的)小程序。

I thought i can simply compile myself a modified java version with a log function but the full source code from java is not available for security reasons... 我以为我可以用一个日志函数简单地编译一个经过修改的Java版本,但是出于安全原因,无法使用Java的完整源代码...

3 个解决方案

解决方案1
 0  2012-09-11 09:42:04

Set up a proxy server with a security certificate that the applet accepts. 使用小程序接受的安全证书设置代理服务器。 Afterwards, you just have to configure your browser to use that proxy and the applet should use the same config. 之后,您只需将浏览器配置为使用该代理,小程序应使用相同的配置。

See Does https prevent man in the middle attacks by proxy server? 请参阅https是否可以通过代理服务器阻止中间人攻击? for how it works technically. 在技​​术上如何运作。

Some things you will need: A proxy than can act as a web server and which is probably reachable with the name of the real server from your browser. 您将需要做一些事情:一个代理,它可以充当Web服务器,并且可以通过浏览器使用真实服务器的名称来访问。 You will need to create a valid certificate for this combination which isn't trivial unless the applet is configured to accept certificates from untrusted sources (no CA authority will issue a certificate for, say, "google.com" so that you can feed that to your proxy). 您将需要为此组合创建一个有效的证书,除非将applet配置为接受来自不受信任来源的证书(否则,任何CA机构都不会为“ google.com”颁发证书,以便您可以提供该证书)给您的代理人)。

Googling for "man in the middle attack ssl proxy" turns up many links that should be useful. 搜寻“中级攻击ssl代理中的人”会发现许多有用的链接。

This article seems to describe an out-of-the-box solution: Understanding Man-In-The-Middle Attacks - Part 4: SSL Hijacking 本文似乎描述了一种现成的解决方案: 了解中间人攻击-第4部分:SSL劫持

It doesn't mention applets but Fiddler might fit the bill (from Capturing HTTPS traffic in the clear? ) 它没有提到applet,但是Fiddler可能适合(从明确捕获HTTPS流量起?

解决方案2
 0  2012-09-12 04:39:57

Just set -Djavax.net.debug=all in the JVM properties. 只需在JVM属性中设置-Djavax.net.debug = all即可。 You will get all kinds of output from different layers of the network stack, including the pre-encrypted SSL traffic. 您将从网络堆栈的不同层获得各种输出,包括预加密的SSL流量。

解决方案3
 -2  2012-09-11 09:41:31

如果您谈论的是SSL,那么这将是不安全的,而且它是安全的,因此不是。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 OCSP检查Java安全套接字 - OCSP check in Java secure sockets 如何通过普通的Java套接字实现(SSL / TLS)安全通信 - How to implement (SSL/TLS) secure communication through normal Java Sockets Java套接字到C套接字 - Java sockets to C sockets Spock spy-在函数(Java)中使用的间谍类 - Spock spy - spy class that used in function (Java) 使用Java的对象间谍 - Object Spy using Java SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption - SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption Java中的套接字 - Sockets in java Java套接字...? - Sockets in Java…? Java SSL套接字和普通套接字 - Java SSL sockets and ordinary sockets 如何使用Junit监视Java中的方法? - How to spy on a method in Java with Junit?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM