In computing, the Java Debug Wire Protocol (JDWP) is a communication protocol which is part of the Java Platform Debugger Architecture.[1] It is used for communication between a debugger and the Java Virtual Machine, which it debugs. It allows to debug processes on a different computer. It can work over a network socket or through shared memory.
The protocol is implemented in the software library libjdwp
.[2] It can be activated using the -Xrunjdwp
parameter of Java.
Metasploit includes a module for JDWP. It can exploit it using various scripts, which have functions such as injecting a Java class that executes a shell command, returns operating system details or injects an arbitrary class.
References
edit- ^ Software visualization: international seminar, Dagstuhl Castle, Germany, May 20-25, 2001 : revised papers. Stephan Diehl. Berlin: Springer. 2002. p. 185. ISBN 978-3-540-45875-3. OCLC 50589687.
{{cite book}}
: CS1 maint: others (link) - ^ Topley, Kim (2002). J2ME in a nutshell: a desktop quick reference (1st ed.). Beijing: O'Reilly. p. 235. ISBN 9780596002534. OCLC 52355507.
External links
edit- Java Debug Wire Protocol - Java SE Documentation
- Hacking the Java Debug Wire Protocol by IOActive
- Patent US20110138359A1 - Modified implementation of java debug wire protocol
- JDWP Misconfiguration in Container Images and K8s