This project aims to extend previous works by Erez Metula by introducing JReFrameworker, a tool to produce MCR capabilities aimed at the Java Runtime Environment in a user-friendly way.
JReFrameworker is a bytecode manipulation tool that allows a user to write annotated Java source that is automatically merged or inserted into the runtime. The framework supports developing and debugging attack modules directly in the Eclipse IDE. Working at the intended abstraction level of source code allows the attacker to “write once, exploit anywhere”.
Ready to get started?
- First install the JReFrameworker plugin.
- Then check out the provided tutorials to get started hacking your first attack module.
- Start a discussion on Gitter.
This tool was presented at DEFCON 24 and Derbycon 7.0. Thanks to all those that attended! The JReFrameworker modules developed for each presentation are available in the github.com/JReFrameworker/modules repository.