
Monday, January 28, 2019

ClassModifier : Utility to easily modify your Java class files

Modify your Java class files easily with an interactive GUI.

Because a compiled class file is not practical to edit by hand, this tool converts the class file to Smali (a readable bytecode assembler format) that you can edit. After you make the required changes, the tool converts the modified Smali back into a modified class file.
Features:
  • Modify a given Java class file
  • Lets a pen-tester check whether a Java desktop application's authentication can be bypassed by patching the client-side class
  • Helps you change the logical behaviour of a jar file by modifying one of its classes
  • Lets you rewrite private methods and change the access modifiers of a class's fields
  • Many other possibilities....

Download ClassModifier:

How to Run:

java -jar ClassModifier.jar

Menu:

File
  1. Open class (CTRL+O) - Takes the input class file that needs to be modified
  2. Open Project (CTRL+P) - Reopens a project created earlier with this tool
  3. Save & Convert (CTRL+S) - Saves the edited Smali and converts it back into a modified class file
  4. Export Class (CTRL+E) - Exports the modified class file
  5. Java 2 Smali Helper - Opens a tab where you can write Java code; on saving, its equivalent Smali code is shown
  6. Smali 2 Java Helper - Opens a tab where you can write Smali code; on saving, its equivalent Java code is shown
Edit
  1. Increase Code FontSize (CTRL+I) - Increases the font size of the displayed code.
  2. Decrease Code FontSize (CTRL+D) - Decreases the font size of the displayed code.
  3. Remove all tabs - Closes all currently open tabs.
Decompiler
  1. Change Decompiler – Allows you to switch between jadx and jd-cli decompilers.

Help
  1. Update Software - Checks for a newer version and updates the tool if one is available
  2. How to use Class Modifier - Contains the documentation of this tool

Toolbar
  1. Find in the current code, Replace, Replace All, and Find across all classes

ClassModifier_lib Folder

  1. Ships alongside the ClassModifier jar
  2. Contains the helper jars the program uses
  3. ClassModifier_lib\userLibrary is added to the classpath automatically whenever the tool compiles Java code. If your code depends on external jars, place them inside ClassModifier_lib\userLibrary

How to Use:
  • Open the Java class file to be modified
  • ClassModifier displays the Smali version of the class
  • Edit the Smali and make the required changes
  • Save the Smali file
  • A modified class file is generated; it can be exported at any time with File -> Export Class
  • Because hand-editing Smali can be difficult, two helpers are provided: Java 2 Smali and Smali 2 Java
  • Java 2 Smali Helper shows the Smali equivalent of the Java code you enter
  • Smali 2 Java Helper shows the Java equivalent of the Smali code you enter
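The tool hides the class-file format behind Smali, but it helps to see what "change an access modifier" or "patch an auth check" means at the byte level. The following is an added example, not ClassModifier's own code: a small Python parser for the JVM class-file format that builds a constructed sample class (a private String field and a private isAdmin() that returns false), lists its members, then patches the field to public and the method body to return true by rewriting bytes in place. The names build_sample_class, parse_class, make_public and patch_method_code are this example's own.

```python
import struct

# JVM access flags (JVM specification, chapter 4).
ACC_PUBLIC, ACC_PRIVATE, ACC_PROTECTED = 0x0001, 0x0002, 0x0004
# Size in bytes (after the tag) of every fixed-length constant-pool tag; tag 1 (Utf8) is variable.
_CP_FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
             15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def build_sample_class() -> bytes:
    """Constructed sample: public class Login { private String secret; private boolean isAdmin() { return false; } }"""
    def utf8(s: str) -> bytes:
        b = s.encode()
        return b"\x01" + struct.pack(">H", len(b)) + b
    cp = [b"\x07" + struct.pack(">H", 2), utf8("Login"),              # 1: Class -> 2
          b"\x07" + struct.pack(">H", 4), utf8("java/lang/Object"),   # 3: Class -> 4
          utf8("secret"), utf8("Ljava/lang/String;"),                 # 5, 6: field name/descriptor
          utf8("isAdmin"), utf8("()Z"), utf8("Code")]                 # 7, 8, 9
    code = bytes([0x03, 0xAC])                                        # iconst_0; ireturn
    code_attr = struct.pack(">HHI", 1, 1, len(code)) + code + struct.pack(">HH", 0, 0)
    out = struct.pack(">IHHH", 0xCAFEBABE, 0, 49, len(cp) + 1) + b"".join(cp)
    out += struct.pack(">HHHH", 0x0021, 1, 3, 0)                        # class flags, this, super, no interfaces
    out += struct.pack(">HHHHH", 1, ACC_PRIVATE, 5, 6, 0)                # one field, no attributes
    out += struct.pack(">HHHHH", 1, ACC_PRIVATE, 7, 8, 1)                # one method with a Code attribute
    out += struct.pack(">HI", 9, len(code_attr)) + code_attr
    return out + struct.pack(">H", 0)                                    # no class attributes


def parse_class(data: bytes) -> dict:
    """Walk the header, constant pool, fields and methods; record where flags and bytecode live."""
    magic, _minor, major, cp_count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a JVM class file")
    pos, cp, i = 10, {}, 1
    while i < cp_count:
        tag = data[pos]
        if tag == 1:                                   # CONSTANT_Utf8: u2 length + bytes
            n = struct.unpack_from(">H", data, pos + 1)[0]
            cp[i] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
            pos += 3 + n
        else:                                          # fixed-size entry; value not needed here
            cp[i] = None
            pos += 1 + _CP_FIXED[tag]
        i += 2 if tag in (5, 6) else 1                 # long/double occupy two pool slots
    flags, _this, _super, n_if = struct.unpack_from(">HHHH", data, pos)
    pos += 8 + 2 * n_if                                # skip the interface index table
    out = {"major": major, "class_flags": flags, "fields": [], "methods": []}
    for kind in ("fields", "methods"):
        count = struct.unpack_from(">H", data, pos)[0]
        pos += 2
        for _ in range(count):
            m = {"flags_offset": pos}
            m["flags"], ni, di, n_attr = struct.unpack_from(">HHHH", data, pos)
            pos += 8
            m["name"], m["desc"] = cp[ni], cp[di]
            for _ in range(n_attr):
                an, alen = struct.unpack_from(">HI", data, pos)
                pos += 6
                if cp[an] == "Code":                   # max_stack u2, max_locals u2, code_length u4, code[]
                    m["code_length"] = struct.unpack_from(">I", data, pos + 4)[0]
                    m["code_offset"] = pos + 8
                pos += alen
            out[kind].append(m)
    return out


def make_public(data: bytes, member: str) -> bytes:
    """Turn a private/protected field or method into a public one by rewriting its access flags."""
    buf = bytearray(data)
    info = parse_class(data)
    for m in info["fields"] + info["methods"]:
        if m["name"] == member:
            new = (m["flags"] & ~(ACC_PRIVATE | ACC_PROTECTED)) | ACC_PUBLIC
            struct.pack_into(">H", buf, m["flags_offset"], new)
    return bytes(buf)


def patch_method_code(data: bytes, method: str, new_code: bytes) -> bytes:
    """Overwrite a method body with same-length bytecode so the Code attribute's lengths stay valid."""
    buf = bytearray(data)
    for m in parse_class(data)["methods"]:
        if m["name"] == method and "code_offset" in m:
            if len(new_code) != m["code_length"]:
                raise ValueError("replacement bytecode must match the original length")
            buf[m["code_offset"]:m["code_offset"] + len(new_code)] = new_code
    return bytes(buf)


if __name__ == "__main__":
    cls = build_sample_class()
    patched = patch_method_code(make_public(cls, "secret"), "isAdmin", bytes([0x04, 0xAC]))  # iconst_1; ireturn
    for label, blob in (("before", cls), ("after", patched)):
        info = parse_class(blob)
        print(label, [(m["name"], m["desc"], hex(m["flags"])) for m in info["fields"] + info["methods"]])
```

The method patch deliberately keeps the bytecode the same length. Anything that changes a method's size means rewriting the Code attribute length and, for class files of version 51 and later, recomputing the StackMapTable frames the verifier expects; that bookkeeping is what the Smali round-trip spares you.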

Screenshot:

Note: This software is meant for educational purposes only. Do not use it for any illegal activity.

Friday, November 16, 2018

Spoofing file extensions on HackerOne

While testing HackerOne, I observed an issue with the file upload functionality: the attachment handler determines the content type of an uploaded file from the file's content rather than from its extension.

Although this does not pose much of a risk, since the changed extension is visible at download time, I wanted to write it up.

This gives rise to the two scenarios below:

Scenario 1

  • Open the batch.cmd (a batch file whose content is sniffed as an image) on the posted comment
  • Observe that it is rendered as an image and there is no warning from HackerOne
  • The user downloads the file, thinking it is an image
  • If the user ignores the downloaded file's extension and opens it, the malicious batch file gets executed

Scenario 2 

  • Open the myFile.txt (a text file whose content is HTML) on the posted comment
  • You will see a warning from HackerOne, but since it appears to be a plain .txt file the user might just go ahead
  • The user downloads the file, thinking it is a text file
  • If the user ignores the downloaded file's extension and opens it, the malicious HTML script executes


Reason:

  1. The Content-Disposition: attachment; filename="" header in the response from hackerone-attachments.s3.amazonaws.com carries an empty filename, leaving the browser to choose the name and extension of the saved file.
  2. Because HackerOne decides the content type from the file's leading bytes instead of its extension, some browsers save the file on the user's computer with an incorrect extension, which produces Scenarios 1 and 2 above.
HackerOne Report:
https://hackerone.com/reports/268123 (Closed as Informative)
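Both reasons above are fixable on the serving side. The following is an added example, not HackerOne's code: a Python sketch of an upload check that compares the type implied by the extension with a sniffed type (flagging the polyglot when they disagree) and of the response headers an attachment host should send, with an explicit filename and nosniff so the browser neither invents a name nor re-sniffs. The magic-byte table, the sniffing heuristic and the three sample files that mirror the two scenarios are constructed for this example.

```python
import re
from pathlib import PurePosixPath

# Leading-byte signatures a sniffing uploader would key on (constructed subset, not HackerOne's list).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"%PDF-", "application/pdf"),
]
EXT_MIME = {".png": "image/png", ".jpg": "image/jpeg", ".jpeg": "image/jpeg",
            ".gif": "image/gif", ".pdf": "application/pdf", ".txt": "text/plain"}
# Extensions a download host should never let a browser treat as an image, a page or a script.
RISKY_EXT = {".cmd", ".bat", ".exe", ".hta", ".ps1", ".html", ".htm", ".js", ".svg"}


def sniff(data: bytes) -> str:
    """Approximate content sniffing: pick a type from the bytes alone, ignoring the name."""
    for sig, mime in MAGIC:
        if data.startswith(sig):
            return mime
    head = data[:1024]
    if re.search(rb"<\s*(!doctype|html|body|script|iframe|img|svg)\b", head, re.I):
        return "text/html"
    if b"\x00" not in head:
        try:
            head.decode("utf-8")
            return "text/plain"
        except UnicodeDecodeError:
            pass
    return "application/octet-stream"


def assess_upload(filename: str, data: bytes) -> dict:
    """Compare the extension's type with the sniffed type; a mismatch means the file is a polyglot."""
    ext = PurePosixPath(filename.replace("\\", "/")).suffix.lower()
    by_ext = EXT_MIME.get(ext, "application/octet-stream")
    sniffed = sniff(data)
    return {"ext": ext, "by_extension": by_ext, "sniffed": sniffed,
            "mismatch": by_ext != sniffed, "risky_extension": ext in RISKY_EXT}


def safe_download_headers(filename: str, data: bytes) -> dict:
    """Headers for serving an attachment so the browser keeps the original name and never sniffs."""
    info = assess_upload(filename, data)
    # Serve a mismatched or risky file as opaque bytes rather than as whatever it pretends to be.
    ctype = "application/octet-stream" if info["mismatch"] or info["risky_extension"] else info["by_extension"]
    name = PurePosixPath(filename.replace("\\", "/")).name
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".") or "download"
    return {
        "Content-Type": ctype,
        "Content-Disposition": f'attachment; filename="{safe_name}"',  # an explicit name, never filename=""
        "X-Content-Type-Options": "nosniff",
    }


# Constructed samples mirroring the two scenarios above (not the files from the report).
SAMPLES = {
    "batch.cmd": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8 + b"\r\n@echo off\r\necho batch ran\r\n",
    "myFile.txt": b"<html><body><script>alert(document.domain)</script></body></html>",
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, assess_upload(fname, blob))
        print("    ", safe_download_headers(fname, blob))
```

With these headers the batch file in Scenario 1 downloads as batch.cmd with an octet-stream type, and the HTML-in-txt file in Scenario 2 is flagged by the mismatch check before it is ever served inline.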

Saturday, November 3, 2018

SSL Pinning bypass on Android Emulator

Recently I developed an interest in analyzing the network traffic of Android apps.

I was able to capture traffic with an HTTP interceptor for some APKs, but many others made the interceptor report an error: "The client failed to negotiate SSL connection".

On researching this, I learned that those apps perform SSL pinning, so to capture their traffic I needed to bypass it. After reading several articles, I found this easy way of doing so.

Requirements:

  1. Burp Suite - https://portswigger.net/burp/communitydownload
  2. XPosed apk framework: https://forum.xda-developers.com/showthread.php?t=3034811
  3. JustTrustMe - https://github.com/Fuzion24/JustTrustMe/releases
  4. Memu Android emulator - https://www.memuplay.com/


Steps:

Configuring Burp Suite:

  1. Install Burp Suite from https://portswigger.net/burp/communitydownload
  2. Follow all steps mentioned at https://support.portswigger.net/customer/portal/articles/1816883-getting-started-with-burp-suite
  3. For our case, we set Burp to listen on all interfaces on port 8085

XPosed apk framework:

  1. Download the framework from https://forum.xda-developers.com/showthread.php?t=3034811
  2. For my case the download link was https://forum.xda-developers.com/attachment.php?attachmentid=4393082&d=1516301692

JustTrustMe apk:

  1. Download the apk from https://github.com/Fuzion24/JustTrustMe/releases
  2. For my case it came out to be https://github.com/Fuzion24/JustTrustMe/releases/download/v.2/JustTrustMe.apk

Memu Android emulator :

  • Download the emulator from https://www.memuplay.com/ 

  • Install the emulator and open the same.

  • Click the Settings button and then go to the Others tab

  • Click Enable for the Root mode option

  • Restart the emulator
  • Click on "Install APK" button on the right side toolbar of Memu emulator

  • Choose Xposed apk framework which was downloaded earlier
  • Open the apk after installation
  • Click on Install/Update option inside the apk
  • After the installation is complete, restart the emulator
  • If all went well, Xposed reports that the framework is active (see the screenshot below)

  • Again, click on "Install APK" button on the right side toolbar of Memu emulator
  • Choose JustTrustMe apk which was downloaded earlier
  • After JustTrustMe is installed, open Xposed apk
  • Open the Modules tab

  • Activate the JustTrustMe module by ticking the checkbox

  • Now, go to Wifi -> Settings in the emulator
  • Long-press the Wi-Fi network name until the Modify network option appears

  • Click the Advanced option
  • Set the proxy hostname to the IP of your system and the port to 8085 (the port Burp is listening on)

  • Open any app on the emulator that has SSL pinning enabled
  • Observe that Burp Suite now captures all of its traffic and no longer reports the SSL error.
  • Note that the Wi-Fi proxy setting is only a hint to apps: an app that uses its own HTTP stack and ignores the system proxy will not appear in Burp, whatever the pinning status.
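Before installing hooks it helps to confirm that an app really pins and which mechanism it uses, since a hooking module only defeats the pinning it knows about. The following is an added example, not part of the original post and not JustTrustMe's code: a Python script that opens an APK (a zip archive) and scans its dex files and compiled resources for byte patterns that commonly indicate pinning. The APK it scans is constructed inline, the indicator list is illustrative rather than complete, and every hit is a pointer for manual review, not proof of pinning.

```python
import io
import re
import zipfile

# Byte patterns that commonly betray certificate pinning inside an APK. The identifiers are the real
# library/class names, but this list is a constructed, partial set and will give false positives
# (for instance any app that merely references X509TrustManager).
INDICATORS = {
    "okhttp CertificatePinner": [rb"okhttp3/CertificatePinner", rb"com/squareup/okhttp/CertificatePinner"],
    "SPKI pin string": [rb"sha256/[A-Za-z0-9+/]{43}="],
    "custom TrustManager (possible)": [rb"checkServerTrusted", rb"X509TrustManager"],
    "TrustKit": [rb"com/datatheorem/android/trustkit"],
    # Compiled resource XML stores strings as UTF-16 by default, so look for both encodings.
    "network_security_config pin-set": [rb"pin-set", "pin-set".encode("utf-16-le")],
}


def find_pinning_indicators(apk_bytes: bytes) -> dict:
    """Return {indicator: [zip members where it was seen]} for an APK given as bytes."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            # Only Dalvik bytecode and compiled resources are worth string-scanning here.
            if not (name.endswith(".dex") or name.startswith("res/xml/") or name == "AndroidManifest.xml"):
                continue
            blob = zf.read(name)
            for label, patterns in INDICATORS.items():
                if any(re.search(p, blob) for p in patterns):
                    hits.setdefault(label, []).append(name)
    return hits


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a zip with a fake classes.dex, a resource file and a native lib."""
    dex = (b"dex\n035\x00" + b"\x00" * 32
           + b"Lokhttp3/CertificatePinner;\x00"
           + b"sha256/" + b"A" * 43 + b"=\x00"
           + b"checkServerTrusted\x00")
    nsc = "pin-set".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", dex)
        zf.writestr("res/xml/network_security_config.xml", nsc)
        zf.writestr("lib/armeabi-v7a/libnative.so", b"\x7fELF" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, where in find_pinning_indicators(build_sample_apk()).items():
        print(f"{label}: {', '.join(where)}")
```

Run it against a real APK by replacing build_sample_apk() with the file's bytes. If the only hits are in native libraries or none of the framework-level patterns appear, the pinning (if any) may live in native code, where a Java-layer hooking module will not reach it.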


Note:
This post is for educational purposes only. Do not use it for any unauthorized activity.

Hope this helps.