26Oct/090
Java Bytecode Injection
When assessing the security posture of a Java thick application we can usually process the code through a decompiler (such as Jad) and have a proper look at the code. It may be the case that we need to bypass the SSL checks but that is usually it.
However, every now and then, we stumble upon more complex scenarios, for instance, an application whose code has been obfuscated causing decompilation errors. In that case it will no longer be enough to decompile, modify the code and compile again, we would need some other technique. Patching the .class file at the bytecode level sounds like a reasonable approach.
Popularity: 2% [?]