Software Development and IT security. Mostly a place for me to keep notes. http://uk.linkedin.com/in/adamboulton
Tuesday, June 30, 2009
Adam Boulton's Java HSBC API - No, not the payment gateway!
So, I have finally got round to setting up the HSBC Java API (some of you may remember my posts from months back mentioning the personal project I was working on, HSBC Bank account aggregation). Writing this API has been a personal project of mine which has been on and off for a while now due to other commitments. The idea behind this API is that it easily allows you to access your UK HSBC accounts and transaction history. I have so far found it useful for tracking my expenditure (by grouping transactions) and using it for notifications about the most recent transaction to be processed on my account. I am sure many developers will find this project interesting and will find many interesting ways to incorporate it into their applications.
Java PDF Library
I have been playing around with extracting data from PDF files. Apache PDF Box looked pretty promising but unfortunately it is far behind some of the others that are available. iText is a mature library but lacks the ability to extract information (it is actually a PDF creator). I was very impressed by the work done by LAB Asprise!. It took minutes to understand their impressive API and start coding. The parsing is fast, and so far appears accurate. The library is also extremely small for the abilities it provides (just over 3MB). If you are looking for a powerful Java API for processing PDFs then I strongly recommend it. Here is a code sample for extracting text (taken from their site). The code clearly demonstrates how much of an awesome job these guys have done....
PDFReader reader = new PDFReader(new File("my.pdf"));
reader.open(); // open the file.
int pages = reader.getNumberOfPages();
for(int i=0; i < pages; i++)
{
    String text = reader.extractTextFromPage(i);
    System.out.println("Page " + i + ": " + text);
}
Thursday, April 9, 2009
Security Assessing Java RMI Slides
There has been a lot of interest lately in RMI security and people trying to hunt down my slides from the presentation I did at OWASP. The slides can be found here.
The original presentation can be found:
http://video.google.com/videoplay?docid=1673714450539106400#
Wednesday, March 25, 2009
Editing webpages with JavaScript snippet
So, most of you will no doubt know that you can execute JavaScript from the URL bar and how useful it can be. For example, you could view the text in password fields, which has proved to be useful on several occasions (alert(document.form1.passwordField.value)). An interesting JS snippet I came across was:
javascript:document.body.contentEditable='true'; document.designMode='on'; void 0
Just type that into the URL, then you can start editing the webpage you are viewing straight from the browser.
Tuesday, March 10, 2009
Disable HtmlUnit logging
HtmlUnit is a pretty decent scriptable browser. I use it for developing a lot of website scrapers and various bots. By default, the logging to the standard output stream is pretty verbose. A quick way to disable it programmatically is to add the following static initializer to your code:
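import org.apache.commons.logging.LogFactory; // goes with the other imports at the top of the file

static {
    // Route all commons-logging output (which HtmlUnit uses) to the no-op logger.
    LogFactory.getFactory().setAttribute("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.NoOpLog");
}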
Strings are immutable in Java. Really, Mr. Anderson?
Take a look at the following code, the output is not what you may expect ;)
//MindWarp.java
public class MindWarp
{
    public static void main(String[] args)
    {
        System.out.println(MR_ANDERSON);
    }
    private static final String MR_ANDERSON = "Adam, RIM Security Researcher";
    private static final Warper warper = new Warper(); //The hackers class ;)
}

//Warper.java - Hacks the String object which is on the heap....
import java.lang.reflect.*;
public class Warper
{
    private static Field stringValue;
    static
    {
        try
        {
            stringValue = String.class.getDeclaredField("value"); //String has a private char [] called "value"
        }
        catch(NoSuchFieldException ex)
        {
            //Should deploy a safety net here i.e enumerate a char[] incase the variable inside the String class is not called "value"
            ex.printStackTrace();
        }
        if (stringValue != null) {
            stringValue.setAccessible(true); // make field public ;)
        }
    }
    public Warper() {
        try {
            //String must be same length, otherwise IndexOutOfBoundsException
            stringValue.set("Adam, RIM Security Researcher", "You have been hacked! ! ! ! !".toCharArray());
        } catch(IllegalAccessException ex) {} // shhh
    }
}
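An added example (not part of the original post): the trick above only works where the JVM lets ordinary code call setAccessible(true) on String's private "value" field, which is a char[] up to Java 8 and a byte[] from Java 9, and which JDK 16 and later refuse to open by default. The class name StringFieldProbe is made up for this example; it reports which case the running JVM is in.

```java
import java.lang.reflect.Field;

// Added example: reports whether this JVM still permits the reflective
// write that Warper relies on. StringFieldProbe is a hypothetical name.
public class StringFieldProbe
{
    /** Returns a one-line verdict for the running JVM. */
    static String probe()
    {
        final Field value;
        try
        {
            value = String.class.getDeclaredField("value");
        }
        catch (NoSuchFieldException ex)
        {
            return "no field named 'value' in java.lang.String";
        }
        // char[] up to Java 8, byte[] from Java 9 (compact strings)
        String type = value.getType().getSimpleName();
        try
        {
            value.setAccessible(true);
        }
        catch (RuntimeException ex)
        {
            // SecurityException: a SecurityManager denied suppressAccessChecks.
            // InaccessibleObjectException: java.base does not open java.lang to this code.
            return "blocked: " + ex.getClass().getSimpleName() + " (field type " + type + ")";
        }
        return "writable: String.value (" + type + ") can be replaced by reflection";
    }

    public static void main(String[] args)
    {
        System.out.println(System.getProperty("java.version") + " -> " + probe());
    }
}
```

A "writable" verdict means any code loaded into the process can change string constants shared through the intern pool, so untrusted code should run under a policy without ReflectPermission("suppressAccessChecks") or on a JVM where java.lang is not opened with --add-opens.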
Friday, November 7, 2008
Assembly competitions
I have been in a couple of Assembly competitions recently on a private forum. They have been very interesting, one in particular was to create the smallest PE file (Windows executable) that displays the message "ADZ" in a graphical message box i.e use of user32.MessageBoxA() and must exit without an exception. I am currently in first position with 109 bytes! So it's a challenge to any reverse engineering experts to try and beat that ;) I will be posting my solution and analysis once the competition ends, which is in about 5 days. Here is a useful resource to get you started:
http://www.phreedom.org/solar/code/tinype/
EDIT: Well 109 bytes was a clear winner :) If anyone got smaller don't hesitate to let us know! Here is my bytecode:
4D 5A CC CC 50 45 00 00 4C 01 01 00 68 21 00 40
00 E8 65 1D 40 7C EB 2D 04 00 03 01 0B 01 08 00
04 75 73 65 72 33 32 00 04 00 00 00 0C 00 00 00
04 00 00 00 0C 00 00 00 00 00 40 00 04 00 00 00
04 00 00 00 04 6A 30 EB 05 41 44 5A 04 00 68 6A
00 40 00 EB 01 CC EB 01 88 68 6A 00 40 00 EB 02
02 00 6A 00 E8 81 07 05 7E C3 53 41 46
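An added example, not from the original post: decoding the header fields of the 109 bytes above shows where the space was saved, and why a PE parser or scanner that assumes full-size headers will misread a file like this. The class name TinyPeHeader and the three checks at the end are chosen for this example.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

// Added example: header triage of the 109-byte PE posted above.
public class TinyPeHeader
{
    // The bytes from the post, spaces removed.
    static final String HEX =
          "4D5ACCCC504500004C01010068210040"
        + "00E8651D407CEB2D040003010B010800"
        + "0475736572333200040000000C000000"
        + "040000000C0000000000400004000000"
        + "04000000046A30EB0541445A0400686A"
        + "004000EB01CCEB0188686A004000EB02"
        + "02006A00E88107057EC3534146";

    static ByteBuffer image()
    {
        byte[] raw = new byte[HEX.length() / 2];
        for (int i = 0; i < raw.length; i++)
        {
            raw[i] = (byte) Integer.parseInt(HEX.substring(2 * i, 2 * i + 2), 16);
        }
        return ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
    }

    public static void main(String[] args)
    {
        ByteBuffer pe = image();
        int lfanew = pe.getInt(0x3C);                  // e_lfanew: file offset of "PE\0\0"
        int coff = lfanew + 4;                         // COFF header follows the signature
        int opt = coff + 20;                           // optional header follows the COFF header
        int optSize = pe.getShort(coff + 16) & 0xFFFF; // SizeOfOptionalHeader
        int entry = pe.getInt(opt + 16);               // AddressOfEntryPoint (RVA)

        System.out.printf("size=%d MZ=%b PE=%b machine=%#x sections=%d%n", pe.capacity(),
            pe.getShort(0) == 0x5A4D, pe.getInt(lfanew) == 0x4550,
            pe.getShort(coff) & 0xFFFF, pe.getShort(coff + 2) & 0xFFFF);
        System.out.printf("e_lfanew=%#x optSize=%d magic=%#x entry=%#x imageBase=%#x%n", lfanew, optSize,
            pe.getShort(opt) & 0xFFFF, entry, pe.getInt(opt + 28));

        // Three properties a normally linked executable does not have.
        System.out.println("PE header inside the 64-byte DOS header : " + (lfanew < 0x40));
        System.out.println("optional header shorter than 224 bytes  : " + (optSize < 224));
        System.out.println("entry point RVA inside the header bytes : " + (entry < opt + optSize));
    }
}
```

The dword at offset 0x3C does double duty: it is e_lfanew in the DOS header and, because the optional header starts at 0x1C, it is also the SectionAlignment field.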
Thursday, October 2, 2008
OWASP NYC
Fantastic conference, the presentation went really well. Already starting to see people referencing my RMI hacking presentation, thanks for all the feedback!
Gunter Ollman's Blog
Secshoggoth
It is great to see the search engine results changing with respect to RMI security. The start of all this happened 4 years ago during my Software Engineering degree and I was taught to develop my first RMI service. At the time, things didn't seem right from a security perspective but I didn't have the time nor skillset to pursue it at the time. I remember attempting to assess an RMI service at the time but couldn't get past step 1 of what I presented at the OWASP conference. However, my interest was sparked again during a security assessment, so over the last few weeks the RMI research began and things started to come together very quickly. I am looking forward to releasing a lot of research and new tools over the coming weeks.
Cheers
EDIT: The video is now available via Google Videos
Hacking RMI services
Update: Unfortunately I will no longer be releasing the RMI Assessment tools. I have recently left Corsaire and will be joining Research In Motion (Blackberry). The research and tools are Corsaire's intellectual property.
Monday, September 22, 2008
Hacking Java Remote Method Invocation
Things have been quiet here recently. I have been preparing for my RMI hacking presentation for OWASP in NYC. I have developed a suite of tools which fingerprint an RMI service and aid in building the vital stub component which is required to communicate with RMI services. A video of my presentation will be available in the coming weeks and the software will be released soon. You can find an abstract of my talk here:
Security Assessing Java RMI at OWASP NYC
I look forward to seeing you all.
Saturday, August 16, 2008
Breaking the bank
My new paper has finally been released after weeks of intense peer reviews. This paper draws attention to how the use of common programming APIs and practices could lead to flaws in the processing of numeric data, which could allow attackers to manipulate the outcome of transactions or otherwise interfere with the accuracy of calculations. It discusses the technical vulnerabilities typically observed in both the validation and processing of numeric data that could expose an organisation to unmanaged risk. It is intended for a technically literate audience involved in developing or testing financial applications, and to provide technical insight to those responsible for their management. The vulnerabilities are presented with source code examples, suggestions on how to identify the flaws during the testing phases and recommendations for mitigating the risk.
http://research.corsaire.com/whitepapers/080715%20-breaking-the-bank-numeric-processing.pdf
A colleague and good friend of mine, Daniel Cuthbert, has presented parts of the research at OWASP NYC 2008, the video is available here.
Enjoy