the-web-application-hackers-handbook

152 Chapter 5 n Bypassing Client-Side Controls
to decompile, modify, and recompile a key class file and then use JSwat to hotswap
it into the running application. To use JSwat, you need to launch an applet
using the appletviewer tool included in the JDK and then connect JSwat to it.
For example, you could use this command:
appletviewer -J-Xdebug -J-Djava.compiler=NONE -J-
Xrunjdwp:transport=dt_socket,
server=y,suspend=n,address=5000 appletpage.htm
Figure 5-7: Once a suitable method has been identified, JavaSnoop can be used to
tamper with the return value from the method
When you’re working on Silverlight objects, you can use the Silverlight Spy
tool to monitor the component’s execution at runtime. This can greatly help
correlate relevant code paths to events that occur within the user interface.
Silverlight Spy is available from the following URL:
http://firstfloorsoftware.com/SilverlightSpy/