JavaSnoop is a tool for testing (re: hacking) Java desktop applications or applets. A tool that lets you intercept methods, alter data and otherwise test the security of Java applications on your computer

Normally, without access to the original source code, testing the security of a Java client is unpredictable at best and unrealistic at worst. With access the original source, you can run a simple Java program and attach a debugger to it remotely, stepping through code and changing variables where needed. Doing the same with an applet is a little bit more difficult.

Unfortunately, real-life scenarios don't offer you this option, anyway. Compilation and decompilation of Java are not really as deterministic as you might imagine. Therefore, you can't just decompile a Java application, run it locally and attach a debugger to it.

Next, you may try to just alter the communication channel between the client and the server, which is where most of the interesting things happen anyway. This works if the client uses HTTP with a configurable proxy. Otherwise, you're stuck with generic network traffic altering mechanisms. These are not so great for almost all cases, because the data is usually not plaintext. It's usually a custom protocol, serialized objects, encrypted, or some combination of those.

Imagine trying to test a web application without Fiddler, Burp or WebScarab. The same things would still be possible, but they'd be much less cost-effective and the barrier to entry would be fairly high.

That sad situation is where Java application testability was yesterday, before JavaSnoop. By the way, though, it's not just client applications, or applets that can make use of JavaSnoop. Ever want to run that expensive Java desktop program without having a valid license? Whoops, that's possible now too.

JavaSnoop attempts to solve this problem by allowing you attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what's happening on the system.

The coolest part is you don't really need to know much about Java to use the program. We made some interfaces to make things super easy. Don't get me wrong - a Java expert will really get all the horsepower out of it, but your everyday Python coder will manage and your everyday non-OO Perl coder will be kind of lost. A smart person that understands in general how virtual machines and programs work will be great. Your everyday .NET expert will probably feel right at home.

For a more detailed explanation of our technique, see the whitepaper or the source code.

The license of this software is Free, you can free download and free use this system utility software.