https://github.com/thomasleplus/jdk-serial-filter-trace
A JBoss Byteman rule to debug the trace the JDK deserialization filtering
https://github.com/thomasleplus/jdk-serial-filter-trace
byteman byteman-agent deserialization-vulnerability java jboss jboss-eap jboss-wildfly jdk jvm
Last synced: about 1 year ago
JSON representation
A JBoss Byteman rule to debug the trace the JDK deserialization filtering
- Host: GitHub
- URL: https://github.com/thomasleplus/jdk-serial-filter-trace
- Owner: thomasleplus
- License: apache-2.0
- Created: 2020-11-30T07:01:11.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2025-04-03T16:42:32.000Z (about 1 year ago)
- Last Synced: 2025-04-03T17:35:15.583Z (about 1 year ago)
- Topics: byteman, byteman-agent, deserialization-vulnerability, java, jboss, jboss-eap, jboss-wildfly, jdk, jvm
- Homepage:
- Size: 140 KB
- Stars: 5
- Watchers: 2
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
README
# JDK Serial Filter Trace
A JBoss Byteman rule to debug the trace the JDK deserialization filtering
## Foreword
Java 17 introduced Flight Recorder events for deserialization which provides a native way to figure out which classes are being serialized or deserialized using only tools included in the JDK. For more details, you can read this article: https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/
## TLDR
```
java -javaagent:/path/to/byteman.jar=script:/path/to/rules.btm,boot:/path/to/byteman.jar ...
```
Prints each call to java.io.ObjectInputStream.filterCheck() to stdout.
## Byteman
To download Byteman and to learn more about its options, see https://byteman.jboss.org/.