Hacking the Java Debug Wire Protocol (JDWP)


Christophe Alladoum has posted a tutorial on the IO Active Labs Research blog on the Java debug wire protocol and its insecurities. He explains, “In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a pentester’s point of view. I will cover some JDWP internals and how to use them to perform code execution, resulting in a reliable and universal exploitation script. This post does not reveal any 0-day exploits, but instead thoroughly covers JDWP from a pentester/attacker perspective.”

Official documentation explaining the Java debug wire protocol can be found on the JDWP page at Oracle.

Leave a comment

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.