qtc-de
commented
1 year ago Hi @ghuser :wave:
this is expected behavior and demonstrates one of the strengths of beanshooter compared to other tools. By default, Java RMI redirects users to the hostname that was configured for the RMI server. In case of the example server, this should be iinsecure.dev. Since this hostname does not exist, your connection fails from there. beanshooter fixes this issue by not following these redirects but keep the specified target by default. If you come to a situation where you want beanshooter to follow redirects, you can use the --follow option.
To use jconsole on the example server, just add iinsecure.dev to your /etc/hosts file and let it point to the container IP address.
Thinking about the whole situation makes me realize that choosing iinsecure.dev as hostname was actually quite dumb. This hostname did not exist during development, but someone could claim it and other users may be redirected to this host when, unintentionally attacking a target on the internet :thinking: So thanks for the issue :+1: I will change the hostname to localhost soon :wrench:
If your question was answered, please close the issue :smiley:
I started
jmx-example-serverwith docker, exposing the ports todocker-compose. However I cannot connect withjconsoleto any of them.I tried:
In all I get "secure connection failed. Retry insecurely?" And I select "Insecure selection" but then I see: "The connection to .. did not succeed."
The same happens also when I use the docker's container's ip
172.21.0.2.With beanshooter I can connect. e.g
bruteworks.Is it expected to not being able to connect with
jconsole?