SSL Support for RMIRegistryExploit #33
Labels
Comments
|
The exploit code would need to create the registry client with something like this, and probably customize the SSLContext sc = SSLContext.getInstance("TLS");
// probably need to customize trust for self-signed certs here
SSLSocketFactory sf = sc.getSocketFactory();
RMIClientSocketFactory csf = new MySslRMIClientSocketFactory(sf);
Registry registry = LocateRegistry.getRegistry("myserver", 1234, csf);It should be easier to build-in support for this when we finish #23. |
|
Thanks for your observations and pointers. |
frohoff
changed the title
|
Renamed and tagged as enhancement |
|
This will probably have to wait for #23. |
|
This was fixed in #81 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
trying to PoC-Exploit a setup like the one explained here:
https://blogs.oracle.com/jmxetc/entry/jmx_connecting_through_firewalls_using
(ssl enhanced RMI over single port), I'm stumbling upon the same error message as the first commenter.
Would it be possible to add ssl-support to RMIRegistryExploit?
The text was updated successfully, but these errors were encountered: