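In Java, one could do the following to send and receive objects over the network (without encryption).

    import java.io.Serializable;

    // Must implement Serializable, otherwise writeObject() throws NotSerializableException.
    class Dog implements Serializable {
        public void bark() { System.out.println("Woof! Woof!"); }
    }

Client.java

    import java.io.ObjectOutputStream;
    import java.net.Socket;

    Dog fido = new Dog();
    Socket socket = new Socket("192.168.1.2", 1234);
    ObjectOutputStream oos = new ObjectOutputStream(socket.getOutputStream());
    oos.writeObject(fido); // serialize fido onto the socket
    oos.flush();
    oos.close();

Server.java

    import java.io.ObjectInputStream;
    import java.net.ServerSocket;
    import java.net.Socket;

    ServerSocket server = new ServerSocket(1234);
    Socket client = server.accept();
    ObjectInputStream ois = new ObjectInputStream(client.getInputStream());
    Dog fido = (Dog) ois.readObject(); // rebuild the object from the received stream
    ois.close();
    fido.bark();
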
My question is, suppose you have successfully established an interception point between two network devices which are sending Java objects back and forth on an unsecured link and that you know their protocol and can modify their data, is it possible to inject Java byte code into the objects to change their behavior?
In our little example, is it possible to make fido "moo!" instead of barking?
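As an added example (not part of the original post): a Java serialization stream carries class names and field values, not method bytecode, so the receiver runs whatever class of that name is on its own classpath, and the server-side control is to restrict which classes `readObject()` will accept. The sketch below uses `ObjectInputFilter` (Java 9+) with in-memory byte arrays instead of sockets; `FilteredReceive`, `Cow`, `serialize` and `readDog` are hypothetical names chosen for illustration.

```java
import java.io.*;

public class FilteredReceive {
    // Same shape as the page's Dog, made Serializable so it can be written.
    static class Dog implements Serializable {
        private static final long serialVersionUID = 1L;
        public String bark() { return "Woof! Woof!"; }
    }

    // Constructed stand-in for any other Serializable class on the server's classpath.
    static class Cow implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(buf)) {
            oos.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Server-side read: the filter runs before any object is instantiated
    // and rejects every class except Dog.
    static Dog readDog(InputStream in) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(in)) {
            ois.setObjectInputFilter(info -> {
                Class<?> c = info.serialClass();
                if (c == null) return ObjectInputFilter.Status.UNDECIDED; // size/depth checks
                return c == Dog.class ? ObjectInputFilter.Status.ALLOWED
                                      : ObjectInputFilter.Status.REJECTED;
            });
            return (Dog) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] wire = serialize(new Dog());
        // The stream names the class (FilteredReceive$Dog); bark() itself is not in it.
        System.out.println(new String(wire, "ISO-8859-1").contains("Dog"));
        System.out.println(readDog(new ByteArrayInputStream(wire)).bark());
        try {
            // A stream naming a different class is refused by the filter.
            readDog(new ByteArrayInputStream(serialize(new Cow())));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter limits which types are accepted but does not detect modified field values; that requires integrity protection on the link, such as TLS or a MAC over each message.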