Java Evil Edition


This project aims to extend previous works by Erez Metula by introducing JReFrameworker, a tool to produce MCR capabilities aimed at the Java Runtime Environment in a user-friendly way.

JReFrameworker is a bytecode manipulation tool that allows a user to write annotated Java source that is automatically merged or inserted into the runtime. The framework supports developing and debugging attack modules directly in the Eclipse IDE. Working at the intended abstraction level of source code allows the attacker to “write once, exploit anywhere”.

Getting Started

Ready to get started?

  1. First install the JReFrameworker plugin.
  2. Then check out the provided tutorials to get started hacking your first attack module.
  3. Start a discussion on Gitter. Join the chat at


This tool was presented at DEFCON 24 and Derbycon 7.0. Thanks to all those that attended! The JReFrameworker modules developed for each presentation are available in the repository.

Derybcon 7.0 (2017)

Materials: Slides, Demos 1, 2, 3, 4, 5, 6, 7, 8, 9

DEFCON 24 (2016)

Materials: Slides, Demos 1, 2, 3, 4

Source Code

Need additional resources? Checkout the Javadocs or grab a copy of the source.

If you find a problem please report an issue. If you want to help, pull requests are always welcome.