当前位置:theitroad>java 检查 .class 文件中的内容

java 检查 .class 文件中的内容

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/6091920/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-10-30 14:17:35  来源:igfitidea点击:

check content in .class files

javaclassfilebytecode

提问by James Raitsev

Suppose one learned that certain developer hardcoded a bunch of usernames and passwords into application, which made it into Production. Oh-oh ..!

假设有人了解到某个开发人员将一堆用户名和密码硬编码到应用程序中,从而使其进入生产环境。哦哦..!

You know both username and password - is there a way to scan the bytecode and identify whether in fact username, password was hardcoded?

您知道用户名和密码 - 有没有办法扫描字节码并确定用户名和密码实际上是否是硬编码的?

回答by Stephen C

A simple way to see what String literals are used in a ".class" file is to use the javaputility in your JDK installation to dump the file using the "-v" option. Then grepfor text that looks like <String "...">where ...is the String you are looking for.

查看“.class”文件中使用的字符串文字的一种简单方法是使用javapJDK 安装中的实用程序使用“-v”选项转储文件。然后grep对于看起来像您正在寻找的字符串<String "...">在哪里的文本...

UPDATE

更新

The latest documentation for javapis here, but the old version looks nicer IMO.

有关最新文档javap在这里,但老版看起来更好IMO。

回答by Nirmit Shah

You can use java decompilers to decompile your class (and to check whether the class contains hardcoded username/passwords) Have a look at:

您可以使用 java 反编译器来反编译您的类(并检查该类是否包含硬编码的用户名/密码)看看:

回答by Richard J. Ross III

Have you looked into JD-GUI? You can see there if that has been hardcoded into any of the class files.

你看过JD-GUI吗?您可以在那里查看是否已将其硬编码到任何类文件中。

回答by Balaji Boggaram Ramanarayan

May be helpful for others in future. (From How can I open Java .class files in a human-readable way?)

将来可能对其他人有帮助。(来自如何以人类可读的方式打开 Java .class 文件?

Usage: javap <options> <classes>...

where options include:
   -c                        Disassemble the code
   -classpath <pathlist>     Specify where to find user class files
   -extdirs <dirs>           Override location of installed extensions
   -help                     Print this usage message
   -J<flag>                  Pass <flag> directly to the runtime system
   -l                        Print line number and local variable tables
   -public                   Show only public classes and members
   -protected                Show protected/public classes and members
   -package                  Show package/protected/public classes
                             and members (default)
   -private                  Show all classes and members
   -s                        Print internal type signatures
   -bootclasspath <pathlist> Override location of class files loaded
                             by the bootstrap class loader
   -verbose                  Print stack size, number of locals and args for methods
                             If verifying, print reasons for failure

相关推荐

java 来自内部存储的电子邮件

java 来自内部存储的电子邮件

在 Java 方法中使用标志的最佳实践

在 Java 方法中使用标志的最佳实践

如何使用 Java 分块上传大文件?

如何使用 Java 分块上传大文件?

java 将 POJO 转换为 <K,V> 映射

java 将 POJO 转换为 <K,V> 映射

相关推荐
最近更新
标签