Awesome
jrasp-agent
01 Project introduction 中文说明
Java Runtime Application Self Protection means Java application self-protection system, which is called 'jrasp' for short.
jrasp-agent is the core part of jrasp project.
jrasp-agent based on Java Agent technology, modifies Java bytecode, adds security detection logic, detects and blocks vulnerability attacks in real time.
02 Characteristics
Functional characteristics
- Security plug-in can be customized
- Detection logic low delay
- Plug in Hot Update
- Java Process Identification and Automatic Injection
- Support native method hooks such as command execution to completely prevent bypassing;
- Compatible with Windows, Mac and Linux
- Small size, core jar package 600KB
Performance
- Increase CPU by 5% (test under normal request)
- Memory consumption below 200MB
Self security
- Plug in and daemon HASH verification
- Agent and Daemon socket customized communication protocol and RSA asymmetric encryption;
- The core functions are loaded by custom class loaders and isolated from business classes, which improves the difficulty of attacking RASP from within the JVM;
- Reflection reinforcement: RASP core methods (such as unloading, degradation, etc.) reflect reinforcement to prevent malicious reflection;
- Do not use third-party frameworks, such as servlet, json, sl4j2, apache common, etc
Security module
Security module of jrasp agent The currently supported modules are:
- Command execution module (native)
- Deserialization module (jdk deserialization/fastjson/yaml/stream)
- HTTP module (springboot/tomcat/jetty/underwown/spark) (IP blacklist/URL blacklist/scanner identification)
- xxe module (dom4j/jdom/jdk)
- File access module (io/nio)
- Expression injection module (spel/ognl)
- SQL injection (mysql)
- JNDI injection
- SSRF
- shiro
under development:
- danger protocol
- DNS query
- Memory
- Class loader
- attach
Supported jdk versions
- jdk6+
jdk11+ --add-opens=java.base/java.lang=ALL-UNNAMED
03 Install (centos)
04 develop & Compilation (Source code only available from partners)
Due to the high number of installations of this product, based on product safety considerations, no longer open source code, partners can provide jrasp basic framework source code
05 Version record
06 Wechat
wx:hycsxs
07 Official website
08 Explanation
-
Based on the open source project jvm-sandbox
-
the hook class/method part from open-rasp
09 Users
If you are using it, please contact us and add it here.
10 Copyright Information
GPL3.0(You can learn and use in your own projects, other actions must be authorized)