Java Applets
A Java applet is a small application written in Java and delivered to users in the form of bytecode. The user launches the Java applet from a web page, and the applet is then executed within a Java Virtual Machine (JVM) in a process separate from the web browser itself. A Java applet can appear in a frame of the web page, a new application window, Sun's AppletViewer, or a stand-alone tool for testing applets.
Applets are used to provide interactive features to web applications that cannot be provided by HTML alone. They can capture mouse input and also have controls like buttons or check boxes.
An untrusted applet has no access to the local machine and can only access the server it came from. This makes such an applet much safer to run than a standalone executable that it could replace. However, a signed applet can have full access to the machine it is running on if the user agrees.
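To make the sandboxed/signed distinction above checkable from the defender's side, here is an added example (not code from the original post) that triages a JAR by looking for a signature block under META-INF and reading the `Permissions` manifest attribute. The function names, the "review" policy and the sample JARs are assumptions constructed for illustration, and the signature is only detected, not cryptographically verified.

```python
import io
import re
import zipfile

# Signature block files that jarsigner places under META-INF/
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)

def manifest_attrs(text):
    """Main-section attributes of MANIFEST.MF (names lower-cased, continuations joined)."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line:                      # a blank line ends the main section
            break
        if line.startswith(" ") and last: # continuation of the previous value
            attrs[last] += line[1:]
        elif ":" in line:
            name, value = line.split(":", 1)
            last = name.strip().lower()
            attrs[last] = value.strip()
    return attrs

def triage_jar(data):
    """Return (has_signature_block, declared_permissions) for JAR bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        signed = any(SIG_BLOCK.match(n) for n in names)
        perms = "unspecified"
        if "META-INF/MANIFEST.MF" in names:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            perms = manifest_attrs(text).get("permissions", perms).lower()
    return signed, perms

def verdict(signed, perms):
    """Assumed policy: a signed applet that does not declare 'sandbox' needs review."""
    if signed and perms != "sandbox":
        return "review"
    return "sandboxed"

def make_jar(manifest, extra=()):
    """Build a constructed sample JAR in memory (placeholder contents, not a real applet)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        for name in extra:
            z.writestr(name, b"constructed placeholder")
    return buf.getvalue()

UNSIGNED = make_jar("Manifest-Version: 1.0\r\nPermissions: sandbox\r\n\r\n")
SIGNED_ALL = make_jar("Manifest-Version: 1.0\r\nPermissions: all-permissions\r\n\r\n",
                      ["META-INF/DEMO.SF", "META-INF/DEMO.RSA"])
```

A "review" result means the applet is the kind that can ask the user for full access to the machine, so it is the case worth inspecting before anyone clicks through the prompt.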
This attack creates a malicious Java applet hosted on the attacker's machine within a local copy of a famous website (Gmail, Facebook, ...) and starts a listener. Once the victim connects to us, he/she will bind to us and a session will be created on the attacker's machine.