Giter Site home page Giter Site logo

java-object-searcher's Introduction

Java Object Searcher | java内存对象搜索辅助工具

0x01 工具简介

#############################################################
   Java Object Searcher v0.01
   author: c0ny1<[email protected]>
   github: http://github.com/c0ny1/java-object-searcher
#############################################################

配合IDEA在Java应用运行时,对内存中的对象进行搜索。比如可以可以用挖掘request对象用于回显,辅助构造java内存webshell等场景。

0x02 知识储备

使用之前必须了解的三个概念

2.1 搜索器

根据要搜索什么样的对象,选择对应的搜索器,目前项目有三类。

  • JavaObjectSearcher 普通搜索器
  • SearchRequstByBFS 通过广度优先搜索requst对象搜索器
  • SearchRequstByRecursive 通过深度优先搜索requst对象搜索器(递归实现)

2.2 关键字 & 黑名单

关键字是搜索目标对象的关键,可以目标三个属性属性名(field_name),属性值(field_value)和属性类型(field_type)。

比如想搜索属性名为table同时属性值为test的对象,还搜索属性名request同时属性类型包含RequestInfo关键字的,对应的逻辑表达试如下:

(field_name = table & field_value = test) || (field_name = request & field_type = RequestInfo)

编写代码如下:

List<Keyword> keys = new ArrayList<>();
keys.add(new Keyword.Builder().setField_name("table").setField_type("test").build());
keys.add(new Keyword.Builder().setField_name("request").setField_type("RequestInfo").build());

黑名单是定义哪些属性中不可能存有要搜索的目标对象,防止无意义的搜索,浪费时间。如果把上面的例子当做黑名单,编写的代码也是类似的。

List<Blacklist> blacklists = new ArrayList<>();
blacklists.add(new Blacklist.Builder().setField_name("table").setField_value("test").build());
blacklists.add(new Blacklist.Builder().setField_name("request").setField_type("RequestInfo").build());

0x03 使用步骤

1. 将java-object-searcher-<version>.jar引入到目标应用的classpath中,或者可以放在jdk的ext目录(一劳永逸)

2. 编写调用代码搜索目标对象

以搜索request对象为例,选好搜索器,并根据要搜索的目标特点构造好关键字(必须)和黑名单(非必须),可写如下搜索代码到IDEA的Evaluate中执行。

//设置搜索类型包含Request关键字的对象
List<Keyword> keys = new ArrayList<>();
keys.add(new Keyword.Builder().setField_type("Request").build());
//定义黑名单
List<Blacklist> blacklists = new ArrayList<>();
blacklists.add(new Blacklist.Builder().setField_type("java.io.File").build());
//新建一个广度优先搜索Thread.currentThread()的搜索器
SearchRequstByBFS searcher = new SearchRequstByBFS(Thread.currentThread(),keys);
// 设置黑名单
searcher.setBlacklists(blacklists);
//打开调试模式,会生成log日志
searcher.setIs_debug(true);
//挖掘深度为20
searcher.setMax_search_depth(20);
//设置报告保存位置
searcher.setReport_save_path("D:\\apache-tomcat-7.0.94\\bin");
searcher.searchObject();

0x04 更多

0x05 404StarLink 2.0 - Galaxy

java-object-searcher404Team 星链计划2.0中的一环,如果对java-object-searcher有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。

java-object-searcher's People

Contributors

c0ny1 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

sry309 yeshuibo geekmc longofo 0xa-saline crackercat thatqier iiiusky tomandjarry 26597925 samshuai jasonlou uyid listenquiet monopole-zh jas502n al1ex arryboom gold1029 killvxk fengjixuchui 5l1v3r1 center-sun endual rv0p111 raystyle qingege888 traxsw nslxyjy haidragon nice0e3 techris45 backcover7 diggid4ever 20200629 natsuk0 sesyi fa1c0n1 threezerobravoteam jeromeyoung r00tse7en bb33bb anttutu acodervic workcha t4rrega y4tacker czfan shuimuliu ckandroidproject hahagioi998 functfan datbiao lanyi1998 lay0us mmioimm gysf666 f19t 30579096 dawn0207 sh1rosec h30gyan rgsngdha jianson009 cyb3rn8 yyhylh conanjun davidliu88 bfm-z to016 v1f18 0xeas werwolfz gaogaostone skrstop java-sec m0chae1 7rovu weiwhy hnd3884 gary-yang1

java-object-searcher's Issues

报错:找不到 me.gv7.tools.josearcher.entity.Keyword 类

我遇到了个找不到类的问题

在tomcat的 doGet方法下断点,然后打开Evaluate,输入了示例代码

以下是报错信息
image

详细的报错信息:
image

发现找不到类,但是用command+左键是能跳转的对应的类
image

我已经添加到了java/lib 中
image

image

尝试过重启电脑,但是还是同样的报错,不知道是什么原因。

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.