Is it possible to intercept outgoing TCP requests of a Java jar?

Question

The problem I am trying to solve is figuring out all the external dependencies of an "Etl" Java jar. The jar can call out to any number of external web services, but there is no real insight into what they are calling out to.

We launch these jars from another Java application (e.g. "java -jar jarname.jar"), so that's why I think we might be able to do something to intercept all HTTP requests from the launched jar using a Java agent or something like that.

In all, is it possible to intercept all outgoing TCP requests when launching a Java jar? I say TCP because we are looking for all outgoing connections: database, RabbitMQ, HTTP.

Answer 1

Score: 4

The usual strategy is to use tools like Wireshark, which can be configured to tell you all the details (including the data itself), in a nice user interface, and you can trivially filter on 'only all traffic caused by this specific process'.

You CAN also do this with an agent, but you're signing yourself up for a ton of code work for an end result that is going to be vastly inferior to what tools like Wireshark can tell you.

If you want to go the agent route, find every entry-point call that could possibly set up a TCP connection. Hopefully that's just Socket, but in practice I bet there is more, and I don't think there's a list out there. Use ASM or ByteBuddy or some other bytecode-rewriting tool to 'load' every class being defined 'in transit', inspect it, and rewrite any calls to e.g. the Socket constructor to your own utility method that logs this, or wraps it so you can keep track of it. This will be quite a sizable project.

You don't really need an agent for this, though; if you want to know when connections happen, just set up a SecurityManager in your main: allow everything, but do some logging in the relevant methods. For example:

import java.security.Permission;
import java.util.logging.Logger;

class MyNetworkInspectingManager extends SecurityManager {
    private static final Logger log = Logger.getLogger(MyNetworkInspectingManager.class.getName());

    // Allow everything: without these two overrides the default policy starts
    // denying file, property and other access as soon as the manager is installed.
    @Override public void checkPermission(Permission perm) { }
    @Override public void checkPermission(Permission perm, Object context) { }

    @Override public void checkAccept(String host, int port) {
        log.warning("accepting connection on " + host + ":" + port);
    }

    // Called for outgoing socket connects (Socket, SocketChannel, and everything
    // built on them); also called with port -1 when a hostname is resolved.
    @Override public void checkConnect(String host, int port, Object context) {
        log.warning("opening connection to " + host + ":" + port);
    }

    @Override public void checkConnect(String host, int port) {
        log.warning("opening connection to " + host + ":" + port);
    }
}

and possibly also override checkListen and checkMulticast.

Then, in your main:

public static void main(String[] args) throws Exception {
    System.setSecurityManager(new MyNetworkInspectingManager());
    // ... the rest of the program now runs with the logging manager installed
}

Still far less useful than Wireshark, but it's an hour or so to set this up, vs. the weeks+ to make the agent solution work out.
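The answer's SecurityManager has to be installed from the jar's own main, but the question says the jar is started with "java -jar jarname.jar" from another process, so its main is not under the asker's control. The following is an added example, not code from the answer or from any project on this page: it installs a connection-logging SecurityManager from a Java agent's premain, so it applies to any jar started with -javaagent, and records each distinct endpoint with the first non-JDK call site so the dependency can be traced back to code. The class name NetSpyAgent, the jar name netspy.jar and the target jarname.jar are assumed names. It assumes JDK 8 to 17; on JDK 18 and later System.setSecurityManager refuses to run unless the JVM is started with -Djava.security.manager=allow, and SecurityManager is deprecated for removal (JEP 411), so treat this as a diagnostic run, not a permanent fixture.

```java
// Added example, not from the original answer. Assumed build and run steps:
//   javac NetSpyAgent.java
//   printf 'Premain-Class: NetSpyAgent\n' > manifest.txt
//   jar cfm netspy.jar manifest.txt NetSpyAgent.class
//   java -javaagent:netspy.jar -jar jarname.jar
import java.lang.instrument.Instrumentation;
import java.security.Permission;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public final class NetSpyAgent extends SecurityManager {

    // Distinct "host:port" keys seen, printed as an inventory when the JVM exits.
    private static final Set<String> SEEN = ConcurrentHashMap.newKeySet();

    // Agent entry point; no bytecode rewriting is needed, so `inst` is unused.
    public static void premain(String args, Instrumentation inst) {
        try {
            System.setSecurityManager(new NetSpyAgent());
        } catch (UnsupportedOperationException e) {
            // JDK 18+ refuses run-time installation unless started with
            // -Djava.security.manager=allow (JEP 411).
            System.err.println("[netspy] cannot install SecurityManager; "
                    + "rerun with -Djava.security.manager=allow");
            return;
        }
        Runtime.getRuntime().addShutdownHook(new Thread(
                () -> System.err.println("[netspy] outbound endpoints seen: " + SEEN)));
    }

    // Allow everything: this manager inventories connections, it does not enforce.
    @Override public void checkPermission(Permission perm) { }
    @Override public void checkPermission(Permission perm, Object context) { }

    // Called by Socket and SocketChannel connects (and so by HTTP clients, JDBC
    // drivers and the RabbitMQ client), and with port == -1 by hostname resolution.
    @Override public void checkConnect(String host, int port) {
        record(host, port);
    }

    @Override public void checkConnect(String host, int port, Object context) {
        record(host, port);
    }

    private static void record(String host, int port) {
        String key = host + ":" + port;
        if (!SEEN.add(key)) {
            return; // already logged this endpoint
        }
        // Find the first frame that is neither the JDK nor this agent, so the
        // endpoint can be mapped back to the code that opened it.
        String caller = "?";
        for (StackTraceElement e : Thread.currentThread().getStackTrace()) {
            String c = e.getClassName();
            if (!c.startsWith("java.") && !c.startsWith("javax.") && !c.startsWith("sun.")
                    && !c.startsWith("jdk.") && !c.equals(NetSpyAgent.class.getName())) {
                caller = e.toString();
                break;
            }
        }
        System.err.println("[netspy] " + (port == -1 ? "resolve " : "connect ")
                + key + " from " + caller);
    }
}
```

Expect each external service to show up twice: a "resolve name:-1" line, which gives you the hostname, and a "connect ip:port" line, because the JDK checks the connect with the already-resolved address. The -javaagent jar is appended to the system class path, which is why it works with -jar; the JVM's own -Djava.security.manager=NetSpyAgent option installs a named manager class at startup as well, but only if that class is on the class path, which -jar does not let you extend. Like the answer's version, this sees only connections opened by JVM code through the socket APIs; anything a native library opens on its own bypasses it, which is the case for a packet capture.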

huangapple
  • Published 2020-08-01 01:58:33
  • Please keep this link when reposting: https://go.coder-hub.com/63196856.html