This might sound like a ridiculous question, but I have to ask it because I have a working product which is doing this.
I have an applet running inside a browser. This applet is not just any applet, but a fairly complex packaged application for CRM/ERP. I was told by a vendor company that they are able to monitor what a user does inside the applet, by replacing the applet's main class at runtime before launch with their own. The term used was "endorsing".
I am a bit clueless now. How can you look inside an applet and listen on user clicks and keyboard events, even if you could somehow hack into it? I can tell you that this is a true story, because I have seen this vendor company's application and it just sits in the background and records all the contextual information (for instance, which textbox in the applet the user filled in, the name of the textbox, etc.).
Are there any hacks at the classloading level (I feel stupid asking this), or something else that I have not come across in Java that would let you do something 'urban legendary' like this?
2 Answers
Answer 1
Java applets are loaded using an HTML tag like this:
<applet archive="ApplicationSP1.jar,Application.jar" code="Main.class" name="myApp" width="800" height="600"></applet>
As you can see, the "archive" attribute supports several .jar files.
You could use this technique to load your own versions of the Java Classes of the application by putting them in the ApplicationSP1.jar file. They will be loaded before those classes stored in the second Application.jar.
Obviously, you would need to do some reverse engineering to understand which classes from the original application to override or wrap. Then you have to create new ones named exactly the same (same package and class name) as those you want to override.
Another option would be to develop Aspects to capture events in the application and load these aspects using the same technique of multiple .jar files in the archive attribute of the HTML applet tag.
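To check whether a deployed applet is subject to the archive-order override described in this answer, the sketch below lists every class that is defined in more than one jar of the archive attribute. It is an added example, not part of the original answer or the vendor's product; Python is used only as an audit-script language, and the jar contents and the `com.example` class names are constructed sample data.

```python
import io
import re
import zipfile
from collections import defaultdict


def archive_order(applet_tag: str) -> list[str]:
    """Return the jar names from the archive attribute, in load order."""
    m = re.search(r'archive\s*=\s*"([^"]*)"', applet_tag, re.IGNORECASE)
    return [j.strip() for j in m.group(1).split(",") if j.strip()] if m else []


def shadowed_classes(applet_tag: str, jars: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each class defined in more than one jar to the jars defining it.

    The first jar in each list is the copy that gets loaded; the later
    ones are shadowed, following the ordering described in the answer.
    """
    seen = defaultdict(list)
    for jar in archive_order(applet_tag):
        with zipfile.ZipFile(io.BytesIO(jars[jar])) as zf:
            for entry in zf.namelist():
                if entry.endswith(".class"):
                    seen[entry[:-len(".class")].replace("/", ".")].append(jar)
    return {cls: where for cls, where in seen.items() if len(where) > 1}


def _make_jar(entries: list[str]) -> bytes:
    """Build a constructed in-memory jar containing empty class entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")
    return buf.getvalue()


# Constructed sample: the tag from the answer plus two made-up jar layouts.
TAG = ('<applet archive="ApplicationSP1.jar,Application.jar" code="Main.class" '
       'name="myApp" width="800" height="600"></applet>')
JARS = {
    "ApplicationSP1.jar": _make_jar(["Main.class", "com/example/ui/Form.class"]),
    "Application.jar": _make_jar(["Main.class", "com/example/ui/Form.class",
                                  "com/example/db/Dao.class"]),
}

if __name__ == "__main__":
    for cls, where in sorted(shadowed_classes(TAG, JARS).items()):
        print(f"{cls}: loaded from {where[0]}, shadows {where[1:]}")
```

Any class reported here deserves a closer look: a legitimate service pack overrides classes the same way, so compare the listed jars against what the application vendor actually shipped.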
Answer 2
The solution for capturing Swing/AWT events can be found in "Want javax.swing hook that tells me WHICH component in the hierarchy is executing an action".
It is difficult to overwrite the Swing/AWT classes used by an applet launched from a browser. They would have to break the protection of the Java security manager and get write permission to the JRE endorsed library folder. In this case, the Java Endorsed Standards Override Mechanism is hard to implement without manual operation by the end user.