# About This Book

👋Hi There! This is a repository to record my study of Java Security

⭐I'd appreciate you lighting up the star (if you like this repository🙂)

repository: <https://github.com/p4d0rn/Java_Zoo>

gitbook: <https://p4d0rn.gitbook.io/java>

OpenJDK: <https://hg.openjdk.org/jdk8u/jdk8u/jdk/tags>

***

## Table of contents

* [About This Book](/java/rasp/openrasp.md)

### 🍖Prerequisites

* 反射
  * [反射基本使用](/java/prerequisites/fan-she/reflection.md)
  * [高版本JDK反射绕过](/java/prerequisites/fan-she/reflection2.md)
  * [反射调用命令执行](/java/prerequisites/fan-she/exec.md)
  * [反射构造HashMap](/java/prerequisites/fan-she/reflect_hashmap.md)
  * [方法句柄](/java/prerequisites/fan-she/methodhandle.md)
* 类加载
  * [动态加载字节码](/java/prerequisites/lei-jia-zai/classloader.md)
  * [双亲委派模型](/java/prerequisites/lei-jia-zai/parents_delegate.md)
  * [BCEL](/java/prerequisites/lei-jia-zai/bcel.md)
  * [SPI](/java/prerequisites/lei-jia-zai/spi.md)
* RMI & JNDI
  * [RPC Intro](/java/prerequisites/rmi-and-jndi/rpc.md)
  * [RMI](/java/prerequisites/rmi-and-jndi/rmi.md)
  * [JEP 290](/java/prerequisites/rmi-and-jndi/jep.md)
  * [JNDI](/java/prerequisites/rmi-and-jndi/jndi.md)
* Misc
  * [Unsafe](/java/prerequisites/misc/unsafe.md)
  * [代理模式](/java/prerequisites/misc/proxy.md)
  * [JMX](/java/prerequisites/misc/jmx.md)
  * [JDWP](/java/prerequisites/misc/jdwp.md)
  * [JPDA](/java/prerequisites/misc/jpda.md)
  * [JVMTI](/java/prerequisites/misc/jvmti.md)
  * [JNA](/java/prerequisites/misc/jna.md)
  * [Java Security Manager](/java/prerequisites/misc/securitymanager.md)

### 👻Serial Journey

* [URLDNS](/java/serial-journey/urldns.md)
* [SerialVersionUID](/java/serial-journey/serialversionuid.md)
* Commons Collection 🥏
  * [CC1-TransformedMap](/java/serial-journey/commons-collection/cc1_transformedmap.md)
  * [CC1-LazyMap](/java/serial-journey/commons-collection/cc1_lazymap.md)
  * [CC6](/java/serial-journey/commons-collection/cc6.md)
  * [CC3](/java/serial-journey/commons-collection/cc3.md)
  * [CC2](/java/serial-journey/commons-collection/cc2.md)
* FastJson 🪁
  * [FastJson-Basic Usage](/java/serial-journey/fastjson/fastjsonbasic.md)
  * [FastJson-TemplatesImpl](/java/serial-journey/fastjson/fastjson_templatesimpl.md)
  * [FastJson-JdbcRowSetImpl](/java/serial-journey/fastjson/fastjson_jdbcrowsetimpl.md)
  * [FastJson-BasicDataSource](/java/prerequisites/lei-jia-zai/bcel.md)
  * [FastJson-ByPass](https://github.com/p4d0rn/Java_Zoo/blob/main/Deserial/FastJson_ByPass.md)
  * [FastJson与原生反序列化(一)](https://paper.seebug.org/2055/)
  * [FastJson与原生反序列化(二)](https://y4tacker.github.io/2023/04/26/year/2023/4/FastJson与原生反序列化-二/)
  * [Jackson的原生反序列化利用](/java/serial-journey/fastjson/jackson.md)
* Other Components
  * [SnakeYaml](/java/serial-journey/other-components/snakeyaml.md)
  * [C3P0](/java/serial-journey/other-components/c3p0.md)
  * [AspectJWeaver](/java/serial-journey/other-components/aspectjweaver.md)
  * [Rome](/java/serial-journey/other-components/rome.md)
  * [Spring](/java/serial-journey/other-components/spring.md)
  * [Hessian](/java/serial-journey/other-components/hessian.md)
  * [Hessian\_Only\_JDK](/java/serial-journey/other-components/hessian_only_jdk.md)
  * [Kryo](/java/serial-journey/other-components/kryo.md)
  * [Dubbo](/java/serial-journey/other-components/dubbo.md)

### 🌵RASP

* [JavaAgent](/java/rasp/javaagent.md)
* [JVM](/java/rasp/jvm.md)
* [ByteCode](/java/rasp/bytecode.md)
* [JNI](/java/rasp/jni.md)
* ASM 🪡
  * [ASM Intro](/java/rasp/asm/asm0.md)
  * [Class Generation](/java/rasp/asm/asm1.md)
  * [Class Transformation](/java/rasp/asm/asm2.md)
* [Rasp防御命令执行](/java/rasp/rasp1.md)
* [OpenRASP](/java/readme.md)

### 🐎Memory Shell

* [Tomcat-Architecture](/java/memory-shell/tomcat.md)
* Servlet API
  * [Listener](/java/memory-shell/servlet-api/listener.md)
  * [Filter](/java/memory-shell/servlet-api/filter.md)
  * [Servlet](/java/memory-shell/servlet-api/servlet.md)
* Tomcat-Middlewares
  * [Tomcat-Valve](/java/memory-shell/tomcat-middlewares/valve.md)
  * [Tomcat-Executor](/java/memory-shell/tomcat-middlewares/executor.md)
  * [Tomcat-Upgrade](/java/memory-shell/tomcat-middlewares/upgrade.md)
* [Agent MemShell](/java/memory-shell/agent.md)
* [WebSocket](/java/memory-shell/websocket.md)
* [内存马查杀](https://blog.csdn.net/SimoSimoSimo/article/details/127700190)
* [IDEA本地调试Tomcat](/java/memory-shell/de_tomcat.md)

### ✂️JDBC Attack

* [MySQL JDBC Attack](/java/jdbc-attack/mysql.md)
* [H2 JDBC Attack](/java/jdbc-attack/h2.md)

### 🎨Templates

* [FreeMarker](/java/templates/freemarker.md)
* [Thymeleaf](/java/templates/thymeleaf.md)
* [Enjoy](/java/templates/enjoy.md)

### 🎏MessageQueue

* [ActiveMQ CNVD-2023-69477](/java/messagequeue/activemq.md)
* [AMQP CVE-2023-34050](/java/messagequeue/amqp.md)
* [Spring-Kafka CVE-2023-34040](/java/messagequeue/kafka.md)
* [RocketMQ CVE-2023-33246](https://github.com/p4d0rn/Java_Zoo/blob/main/MessageQueue/rocketmq.md)

### 🛡️Shiro

* [Shiro Intro](/java/shiro/shiro.md)
* [Request URI ByPass](/java/shiro/cve-2010-3863.md)
* [Context Path ByPass](/java/shiro/cve-2016-6802.md)
* [Remember Me反序列化 CC-Shiro](/java/shiro/cc-shiro.md)
* [CB1与无CC依赖的反序列化链](/java/shiro/cb1.md)

### 🍺Others

* [Deserialization Twice](/java/others/desertwice.md)
* [A New Blazer 4 getter RCE](/java/others/newgetter.md)
* [Apache Commons Jxpath](/java/others/jxpath.md)
* [El Attack](/java/others/elattack.md)
* [Spel Attack](/java/others/spel.md)
* [C3P0原生反序列化的JNDI打法](/java/others/c3p0.md)
* [Log4j](/java/others/log4j2.md)
* Echo Tech
  * [SpringBoot Under Tomcat](/java/others/echo-tech/sbtomcat.md)
* CTF 🚩
  * [长城杯-b4bycoffee (ROME反序列化)](/java/others/ctf/b4bycoffee.md)
  * [MTCTF2022(CB+Shiro绕过)](/java/others/ctf/mtctf2022.md)
  * [CISCN 2023 西南赛区半决赛 (Hessian原生JDK+Kryo反序列化)](/java/others/ctf/seacloud.md)
  * [CISCN 2023 初赛 (高版本Commons Collections下其他依赖的利用)](/java/others/ctf/deserbug.md)
  * [CISCN 2021 总决赛 ezj4va (AspectJWeaver写字节码文件到classpath)](/java/others/ctf/ezj4va.md)
  * [D^3CTF2023 (新的getter+高版本JNDI不出网+Hessian异常toString)](/java/others/ctf/d3java.md)
  * [WMCTF2023（CC链花式玩法+盲读文件）](/java/others/ctf/wmctf2023.md)
  * [第六届安洵杯网络安全挑战赛（CB PriorityQueue替代+Postgresql JDBC Attack+FreeMarker）](/java/others/ctf/axb2023.md)

### 🔍Code Inspector

* CodeQL 🧶
  * Tutorial
    * [Intro](/java/code-inspector/codeql/tutorial/intro.md)
    * [Module](/java/code-inspector/codeql/tutorial/module.md)
    * [Predicate](/java/code-inspector/codeql/tutorial/predicate.md)
    * [Query](/java/code-inspector/codeql/tutorial/query.md)
    * [Type](/java/code-inspector/codeql/tutorial/type.md)
  * CodeQL 4 Java
    * [Basics](/java/code-inspector/codeql/codeql-4-java/basics.md)
    * [DFA](/java/code-inspector/codeql/codeql-4-java/dfa.md)
    * [Example](/java/code-inspector/codeql/codeql-4-java/codeql4java.md)
* SootUp ✨
  * [Intro](/java/code-inspector/sootup/intro.md)
  * [Jimple](/java/code-inspector/sootup/jimple.md)
  * [DFA](/java/code-inspector/sootup/dfa.md)
  * [CG](/java/code-inspector/sootup/cg.md)
* Tabby 🔦
  * [install](/java/code-inspector/tabby/install.md)
* Theory
  * Static Analysis
    * [Intro](/java/code-inspector/theory/static-analysis/intro.md)
    * [IR & CFG](/java/code-inspector/theory/static-analysis/ir.md)
    * [DFA](/java/code-inspector/theory/static-analysis/dfa.md)
    * [DFA-Foundation](/java/code-inspector/theory/static-analysis/dfa-foundation.md)
    * [Interprocedural Analysis](/java/code-inspector/theory/static-analysis/inter.md)
    * [Pointer Analysis](/java/code-inspector/theory/static-analysis/pta.md)
    * [Pointer Analysis Foundation](/java/code-inspector/theory/static-analysis/pta-foundation.md)
    * [PTA-Context Sensitivity](/java/code-inspector/theory/static-analysis/pta-cs.md)
    * [Taint Anlysis](/java/code-inspector/theory/static-analysis/taint.md)
    * [Datalog](/java/code-inspector/theory/static-analysis/datalog.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://p4d0rn.gitbook.io/java/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.