Skip to content
/ jdk-serial-filter-trace Public

A JBoss Byteman rule to debug the trace the JDK deserialization filtering

License

Apache-2.0 license
5 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

thomasleplus/jdk-serial-filter-trace

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

112 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
.whitesource
.whitesource
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
rules.btm
rules.btm
 
 

Repository files navigation

JDK Serial Filter Trace

A JBoss Byteman rule to debug the trace the JDK deserialization filtering

Foreword

Java 17 introduced Flight Recorder events for deserialization which provides a native way to figure out which classes are being serialized or deserialized using only tools included in the JDK. For more details, you can read this article: https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/

TLDR

java -javaagent:/path/to/byteman.jar=script:/path/to/rules.btm,boot:/path/to/byteman.jar ...

Prints each call to java.io.ObjectInputStream.filterCheck() to stdout.

Byteman

To download Byteman and to learn more about its options, see https://byteman.jboss.org/.

About

A JBoss Byteman rule to debug the trace the JDK deserialization filtering

Topics

java jvm byteman jdk jboss jboss-eap jboss-wildfly deserialization-vulnerability byteman-agent

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity

Stars

5 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •