Monday, August 9, 2010

Abusing serialization protocol using JVMITM (JVM in the middle)

A friend of mine asked me to clarify how Belch is used to manipulate serialized traffic, so here goes:

When a serialization channel is established between client and server, all traffic switches from plain HTTP to serialization over HTTP. This makes tracing, manipulating and testing more difficult, because the content of the serialization protocol is binary.

With this in mind, what you need is a decryptor-encryptor utility to stick in the middle of the communication channel, so you can get a better understanding of, and control over, the communication between client and server. It needs to be very efficient and very fast: enter JVMITM, the JVM in the middle.

If you could divert the communication to a Java VM, you could use Java to translate the serialization protocol into a more readable format, say XML. Once in XML, you modify it at will and then hand it back to the JVM, which converts it back to the serialization protocol and sends it down the communication channel.

The JVMITM approach supports any serialization protocol that Java understands, such as Flash (AMF), Java serialization and more. The only thing you have to do in order to decode the protocol is to include the proper library in your JVMITM classpath.
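As an added illustration of the decode-to-XML-and-back step (example code written for this post, not the author's tool and not part of Belch), the following standalone program uses only the JDK: ObjectInputStream reads Java-serialized bytes, XMLEncoder turns the object into editable XML, and XMLDecoder plus ObjectOutputStream turns the XML back into wire bytes. The LoginRequest class and the "alice" request are constructed placeholders standing in for a real application's message.

```java
import java.beans.XMLDecoder;
import java.beans.XMLEncoder;
import java.io.*;

public class JvmItmDemo {
    // Hypothetical application message; stands in for whatever the real client sends.
    public static class LoginRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        private String user;
        public LoginRequest() {}
        public String getUser() { return user; }
        public void setUser(String u) { user = u; }
    }

    // Wire bytes (Java serialization) -> XML the tester can read and edit.
    static String toXml(byte[] wire) throws Exception {
        Object obj;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            obj = in.readObject();
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (XMLEncoder enc = new XMLEncoder(out)) { enc.writeObject(obj); }
        return out.toString("UTF-8");
    }

    // Edited XML -> wire bytes again, ready to be forwarded to the server.
    static byte[] fromXml(String xml) throws Exception {
        Object obj;
        try (XMLDecoder dec = new XMLDecoder(new ByteArrayInputStream(xml.getBytes("UTF-8")))) {
            obj = dec.readObject();
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(out)) { oos.writeObject(obj); }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the request as a Java client would put it on the wire.
        LoginRequest req = new LoginRequest();
        req.setUser("alice");
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(wire)) { oos.writeObject(req); }
        String xml = toXml(wire.toByteArray());
        System.out.println(xml);            // the binary message in its readable XML form
        byte[] back = fromXml(xml);         // round trip; in a real session the XML is edited first
        LoginRequest rt = (LoginRequest) new ObjectInputStream(new ByteArrayInputStream(back)).readObject();
        System.out.println(rt.getUser());   // the field survives the XML round trip
    }
}
```

Note that toXml runs the application's own readObject, so the proxy JVM must have the same classes (or AMF library) on its classpath, which is exactly the classpath requirement stated above.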

Belch can help you use JVMITM by letting you redirect the communication to an application of your choice (a hex editor, a batch wrapper around a JVM, or another tool you have written).

Stay tuned, as I will publish an example of using Belch with JVMITM against the Flash AMF serialization protocol.