1

I'm currently reverse engineering a JSP applet running through JBoss. Decompiling the code it looks like there are a bunch of Logger.debug() calls in the code that aren't guarded. A quick read through the API and I didn't see where this output actually goes or if it's even accessible, but since I'm pretty new at REing Java stuff I figured being able to see the log messages being printed as the application is running would go a long way to figuring out code flow.

Is there an easy way to read debug output from the running application? I saw JavaSnoop referenced in another Stack Exchange post and I'm probably going to explore that but I didn't know if there was an easier way. All I want to do for now is try to get a handle on how to interact with the parts of the application.

Or if there's a better way to go about it that would be appreciated as well. What I'm looking at is a Java SE binary so tracing that to the servlets is the end goal.

Thanks.

Fewmitz
  • 1,022
  • 5
  • 16
  • Have you tried just replacing them with calls to Systme.out.println? – Antimony Oct 04 '14 at 21:35
  • I don't have access to source. And even if I did that would go to the console, which also isn't displayed by the application – Fewmitz Oct 04 '14 at 22:22
  • You can patch the method calls directly, assuming they're not using reflection to obfuscate everything. – Antimony Oct 04 '14 at 22:48
  • 5
    An easier way could be to find out which logging framework is being used (your class names could tell you that) and find out how it's configured. For example, if the once-popular log4j is being used, creating an XML file might be all that's neccesary. (http://logging.apache.org/log4j/2.x/manual/configuration.html). Tracing JBoss with ProcMon (on Windows) or strace -efile (on Linux) or truss (on Solaris) might even give you the name of a logger configuration file it's trying to access when starting. – Guntram Blohm Oct 05 '14 at 10:55

0 Answers0