01 Project introduction
Java Runtime Application Self-Protection ('jrasp' for short) is a self-protection system for Java applications.
jrasp-agent is the core part of the jrasp project.
jrasp-agent is based on Java Agent technology: it modifies Java bytecode to add security detection logic, and detects and blocks vulnerability attacks in real time.
- Security plug-ins can be customized
- Low-latency detection logic
- Plug-in hot update
- Java process identification and automatic injection
- Supports hooks on native methods, such as command execution, to completely prevent bypassing
- Compatible with Windows, Mac and Linux
- Small size: the core jar package is 600KB
- CPU usage increases by 5% (tested under normal requests)
- Memory consumption below 200MB
- Plug-in and daemon hash verification
- Agent and daemon communicate over a socket using a customized protocol and RSA asymmetric encryption
- The core functions are loaded by custom class loaders and isolated from business classes, which makes it harder to attack RASP from within the JVM
- Reflection hardening: RASP core methods (such as unloading, degradation, etc.) are hardened against reflection to prevent malicious reflective calls
- Does not use third-party frameworks, such as servlet, json, sl4j2, apache common, etc.
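The plug-in hash verification listed above can be illustrated with the following added example, which is not jrasp code: a loader-side check that refuses any plug-in jar that is missing from a trusted manifest or whose digest differs from it. SHA-256, the manifest layout (file name to hex digest) and the names `VerifyPlugin` and `fileSHA256` are assumptions; the page does not say which hash or format jrasp uses.

```go
package main
import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

var ErrUnknownPlugin = errors.New("plug-in not listed in manifest")
var ErrHashMismatch = errors.New("plug-in hash does not match manifest")

// fileSHA256 returns the lowercase hex SHA-256 digest of a file.
func fileSHA256(path string) (string, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:]), nil
}

// VerifyPlugin checks a jar against an assumed manifest (file name -> hex SHA-256).
func VerifyPlugin(path string, manifest map[string]string) error {
	want, ok := manifest[filepath.Base(path)]
	if !ok {
		return ErrUnknownPlugin // fail closed: unlisted plug-ins are never loaded
	}
	got, err := fileSHA256(path)
	if err != nil {
		return err
	}
	if got != want {
		return ErrHashMismatch
	}
	return nil
}

func main() {
	dir, _ := os.MkdirTemp("", "plugins") // constructed sample plug-in directory
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "demo-plugin.jar")
	os.WriteFile(p, []byte("constructed plug-in bytes"), 0o600)
	sum, _ := fileSHA256(p)
	manifest := map[string]string{"demo-plugin.jar": sum}
	fmt.Println("intact:  ", VerifyPlugin(p, manifest))
	os.WriteFile(p, []byte("tampered"), 0o600)
	fmt.Println("tampered:", VerifyPlugin(p, manifest))
}
```

A hash check is only as trustworthy as the manifest, so the manifest has to come from a location the attacker cannot write to. The loader should also load the same bytes it hashed rather than re-reading the path afterwards.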
Security modules of jrasp-agent
The currently supported modules are:
- Command execution module (native)
- Deserialization module (jdk deserialization/fastjson/yaml/stream)
- HTTP module (springboot/tomcat/jetty/undertow/spark) (IP blacklist/URL blacklist/scanner identification)
- xxe module (dom4j/jdom/jdk)
- File access module (io/nio)
- Expression injection module (spel/ognl)
- SQL injection (mysql)
- JNDI injection
- SSRF
- shiro
Under development:
- Dangerous protocols
- DNS query
- Memory
- Class loader
- attach
- jdk6+
- jdk11+: --add-opens=java.base/java.lang=ALL-UNNAMED
- jdk 1.8
- golang 1.19
- maven 3.8.5
Enter the jrasp-agent/bin directory and execute the script for your environment.
Note that macOS and Windows are only for development and testing.
wx:XL1870011370
- Based on the open source project jvm-sandbox
- The hook class/method part is from open-rasp
If you are using it, please contact us and add it here.
GPL 3.0 (you can study it and use it in your own projects, but commercialization must be authorized)